Branch: refs/heads/2.2.0
Home:
https://github.com/Checkmk/checkmk
Commit: 0001d42e26c6845ebcc02284986c057f6a688372
https://github.com/Checkmk/checkmk/commit/0001d42e26c6845ebcc02284986c057f6…
Author: Mehrdad Shahidi <mohammadmehrdad.shahidi(a)checkmk.com>
Date: 2024-08-26 (Mon, 26 Aug 2024)
Changed paths:
A .werks/17026
Log Message:
-----------
17026 SEC Fix XSS in view page with SLA column
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML
in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned
`CVE-2024-38859`.
Change-Id: If1a560f4e6bbf5f52d9363a636e316653e134a58
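An added illustration of the bug class this werk fixes, written as stand-alone Python rather than Checkmk's own rendering code: a minimal SLA cell renderer in its unescaped (pre-fix) and escaped (post-fix) forms, plus a small check that flags stored SLA titles containing markup, which is the indicator of compromise named above. The renderer, the sample titles and the helper names are constructed for this example.

```python
import html
import re

# Constructed sample SLA titles (not from the Checkmk code base):
# one benign, one carrying injected markup as described in the werk.
SAMPLE_TITLES = [
    "Gold SLA 99.9%",
    '<img src=x onerror="alert(1)">Silver SLA',
]

def render_sla_cell_vulnerable(title: str) -> str:
    """Pre-fix behaviour: the title is concatenated into the cell as raw HTML."""
    return '<td class="sla">' + title + "</td>"

def render_sla_cell_fixed(title: str) -> str:
    """Post-fix behaviour: the title is HTML-escaped before it is embedded."""
    return '<td class="sla">' + html.escape(title, quote=True) + "</td>"

# Matches anything that looks like an opening or closing HTML tag.
_MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

def titles_with_markup(titles):
    """Return the SLA titles that contain tag-like markup.

    Intended as a hunt over stored SLA definitions for the indicator of
    compromise named in the werk (HTML injected into SLA titles)."""
    return [t for t in titles if _MARKUP_RE.search(t)]

def contains_active_markup(rendered: str) -> bool:
    """True if the rendered cell still carries a tag other than the <td> wrapper."""
    inner = rendered[len('<td class="sla">'):-len("</td>")]
    return bool(_MARKUP_RE.search(inner))

if __name__ == "__main__":
    for t in SAMPLE_TITLES:
        print("vulnerable:", render_sla_cell_vulnerable(t))
        print("fixed:     ", render_sla_cell_fixed(t))
    print("suspicious titles:", titles_with_markup(SAMPLE_TITLES))
```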