Branch: refs/heads/2.3.0 Home: https://github.com/Checkmk/checkmk Commit: 252434839bec16774e18436a76777d93f7811486 https://github.com/Checkmk/checkmk/commit/252434839bec16774e18436a76777d93f… Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com> Date: 2024-10-02 (Wed, 02 Oct 2024) Changed paths: A .werks/17145.md Log Message: ----------- 17145 SEC Information leak in mknotifyd When a notification context is sent to mknotifyd a "result message" is generated by mknotifyd and sent back so the original site so it can show if there were problems handling that notification. This result message could contain secrets that were not meant to be sent to remote sites, e.g. passwords/secrets. These secrets were not processed by the remote site but a rough site would have been able to retrieve these. This issue was found during internal review. *Affected Versions*: * 2.3.0 * 2.2.0 * 2.1.0 * 2.0.0 (EOL) *Vulnerability Management*: We have rated the issue with a CVSS Score of 5.3 Medium (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`) and assigned `CVE-2024-6747`. CMK-13549 Change-Id: I9c2595018eb2ed383df0eb1eda0560a134bdc725 To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications