Branch: refs/heads/master
Home:
https://github.com/Checkmk/checkmk
Commit: 7e6ac7db4af9167eae460c30ecfbd9ba880e9eef
https://github.com/Checkmk/checkmk/commit/7e6ac7db4af9167eae460c30ecfbd9ba8…
Author: Teresa Siegmantel <teresa.siegmantel(a)tribe29.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
A .werks/13982
M cmk/gui/fields/definitions.py
M cmk/gui/plugins/openapi/endpoints/acknowledgement.py
M cmk/gui/plugins/openapi/endpoints/comments.py
M cmk/gui/plugins/openapi/endpoints/downtime.py
M cmk/gui/plugins/openapi/endpoints/host_config.py
M cmk/gui/plugins/openapi/endpoints/host_internal.py
M cmk/gui/plugins/openapi/endpoints/service.py
M cmk/gui/plugins/openapi/endpoints/service_discovery.py
M cmk/gui/plugins/openapi/restful_objects/request_schemas.py
M tests/testlib/rest_api_client.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_group_config.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_host_config.py
M tests/unit/cmk/gui/plugins/openapi/test_site_management.py
Log Message:
-----------
13982 SEC Reading host_config's will now honour contact groups
Prior to this Werk it was possible for a user to read a hosts configuration
(using GET on '/objects/host_config/<host_name>') even if that user was not
in the contact group of that host.
The REST-API will correctly check a users permissions before serving a response
in that case and report a 403 error if the user cannot access the host's config.
<b>Affected Versions</b>:
LI: 2.2.0 (beta)
LI: 2.1.0
<b>Vulnerability Management</b>:
We calculated a CVSS 3.1 score of 4.3 (Medium) with the following vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
We assigned CVE-2023-22348 to this vulnerability.
We found this vulnerability internally and have no indication of any exploitation.
Change-Id: Id04281db696467ae11ee1d5ce3d172c1bed71a93
Commit: 5a5d396eec16f004f565bb941d848d94f1f11f69
https://github.com/Checkmk/checkmk/commit/5a5d396eec16f004f565bb941d848d94f…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2023-05-09 (Tue, 09 May 2023)
Changed paths:
M cmk/gui/werks.py
Log Message:
-----------
About Checkmk page: Update text
CMK-13192
Change-Id: I679b24c80091cee4f624362adc0736c2abb4aa12
Compare:
https://github.com/Checkmk/checkmk/compare/f6bc356e696d...5a5d396eec16