Branch: refs/heads/2.2.0
Home:
https://github.com/Checkmk/checkmk
Commit: d281666ab76a7ffdee34ce668bb186ccc562d158
https://github.com/Checkmk/checkmk/commit/d281666ab76a7ffdee34ce668bb186ccc…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-07-01 (Mon, 01 Jul 2024)
Changed paths:
A .werks/17010
M cmk/gui/valuespec.py
Log Message:
-----------
17010 SEC XSS in SQL check parameters
Prior to this Werk an attacker could add HTML to one parameter of the *Check SQL database*
rule which was executed on the overview page.
We found this vulnerability internally.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (probably older versions as well)
**Indicators of Compromise**:
The creation of such rules is logged in the audit log. You can therefore check the
`wato_audit.log` either on the terminal or in the UI for entries that contain malicious
HTML.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector:
`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-6052 to this vulnerability.
**Changes**:
This Werk fixes the escaping.
CMK-17809
Change-Id: I8cf2d8218f1d6bb449beb6947d879b8a114e081a
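The indicator-of-compromise section above says to check `wato_audit.log` for rule entries that contain HTML. The following is an added example, not Checkmk's own code: a small scanner over constructed audit-log lines that flags entries containing tag-like markup or inline event handlers, plus the `html.escape` call that the "fixes the escaping" change amounts to when a parameter value is rendered. The five-field line layout (`timestamp linkinfo user action text`) is an assumption made for the sample; the real `wato_audit.log` layout may differ, so `parse_entry` only needs a free-text trailing field.

```python
import html
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample audit-log lines (not real log output). Assumed layout:
#   <timestamp> <linkinfo> <user> <action> <free text describing the change>
SAMPLE_AUDIT_LOG = """\
1719820800 - admin edit-rule Changed rule in ruleset "Check SQL database": name = orders_db
1719820860 - bob new-rule Created rule in ruleset "Check SQL database": name = <img src=x onerror=alert(1)>
1719820920 - alice edit-host Changed host attributes for host web01
1719820980 - bob edit-rule Changed rule in ruleset "Check SQL database": name = "><script>alert(1)</script>
"""

# Anything that looks like an HTML tag, or an inline event-handler attribute.
# A rule parameter has no legitimate reason to contain either, so a hit is
# worth a manual look even if it turns out benign.
HTML_MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|\bon[a-z]+\s*=", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    user: str
    text: str


def parse_entry(line: str) -> Optional[tuple[str, str]]:
    """Return (user, free_text) for one audit line, or None if it is malformed."""
    parts = line.split(" ", 4)
    if len(parts) < 5:
        return None
    _timestamp, _linkinfo, user, _action, text = parts
    return user, text


def scan_audit_log(lines: Iterable[str]) -> list[Finding]:
    """Return every entry whose free-text field contains HTML-like markup."""
    findings: list[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        parsed = parse_entry(line)
        if parsed is None:
            continue
        user, text = parsed
        if HTML_MARKUP.search(text):
            findings.append(Finding(line_no=line_no, user=user, text=text))
    return findings


def render_safely(value: str) -> str:
    """Escape a user-controlled parameter before it is interpolated into HTML.

    quote=True also escapes quotes, so the value is inert inside attribute
    values as well as in element content.
    """
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for finding in scan_audit_log(SAMPLE_AUDIT_LOG.splitlines()):
        print(f"line {finding.line_no}: user={finding.user!r}")
        print("  raw:     ", finding.text)
        print("  escaped: ", render_safely(finding.text))
```

On a real site the input would be the site's `wato_audit.log` rather than the embedded sample; a hit only tells you who created or edited the rule, so the rule itself should then be inspected in the UI. Note that escaping does not remove the markup from the stored value, it only makes the value inert when rendered, which is why the detection runs on the raw log text rather than on escaped output.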
Commit: cad9dd2ec159e66c9d57cde977e9a9a32c57b670
https://github.com/Checkmk/checkmk/commit/cad9dd2ec159e66c9d57cde977e9a9a32…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M .werks/17010
Log Message:
-----------
Fix werk version
Change-Id: I5c53b5b32f1013a1611377a5d15120afebe9e245
Commit: 1a3de82e3473eee4b565691b4d2103399ca99074
https://github.com/Checkmk/checkmk/commit/1a3de82e3473eee4b565691b4d2103399…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/17090
M cmk/gui/backup.py
M cmk/gui/key_mgmt.py
M cmk/gui/mkeventd/wato.py
M cmk/gui/plugins/wato/bi_config.py
M cmk/gui/plugins/wato/utils/simple_modes.py
M cmk/gui/wato/pages/audit_log.py
M cmk/gui/wato/pages/bulk_discovery.py
M cmk/gui/wato/pages/bulk_edit.py
M cmk/gui/wato/pages/bulk_import.py
M cmk/gui/wato/pages/diagnostics.py
M cmk/gui/wato/pages/folders.py
M cmk/gui/wato/pages/global_settings.py
M cmk/gui/wato/pages/groups.py
M cmk/gui/wato/pages/host_diagnose.py
M cmk/gui/wato/pages/host_rename.py
M cmk/gui/wato/pages/icons.py
M cmk/gui/wato/pages/ldap.py
M cmk/gui/wato/pages/notifications.py
M cmk/gui/wato/pages/parentscan.py
M cmk/gui/wato/pages/read_only.py
M cmk/gui/wato/pages/roles.py
M cmk/gui/wato/pages/rulesets.py
M cmk/gui/wato/pages/search.py
M cmk/gui/wato/pages/sites.py
M cmk/gui/wato/pages/tags.py
M cmk/gui/wato/pages/timeperiods.py
M cmk/gui/wato/pages/user_migrate.py
M cmk/gui/wato/pages/users.py
M web/htdocs/js/modules/forms.ts
Log Message:
-----------
17090 SEC Fix Various CSRF Issues
This Werk adds previously missing CSRF-Token validation to various endpoints in WATO.
The lack of CSRF-Token validation could allow an attacker to perform actions on behalf of
a user without their consent, by tricking the user into clicking on a malicious
link.
This vulnerability was identified during a commissioned penetration test conducted by PS
Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector:
`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`
and assigned `CVE-2024-28828`.
Change-Id: Ib12128b873b7d06140e48fb66147e7a2599dd6f9
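The Werk above describes the fix as adding CSRF-token validation to endpoints that lacked it. As an added example that is not Checkmk's code, the following shows the pattern in miniature: a per-session secret token, an unprotected handler that acts on any request carrying a valid session, and the same handler once it requires a matching token. The `Session`, `rename_host_*` names and the `_csrf_token` form field are assumptions for illustration; the point is that a cross-site request can carry the victim's session cookie but cannot read the token, so the token check is what separates the two handlers.

```python
import hmac
import secrets
from typing import Mapping, Optional


class Session:
    """Server-side session state. The CSRF token is generated once per session
    and rendered into each form the user is served; a third-party page cannot
    read it because of the same-origin policy."""

    def __init__(self) -> None:
        self.csrf_token = secrets.token_urlsafe(32)


def validate_csrf_token(session: Session, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token against the session's."""
    if submitted is None:
        return False
    return hmac.compare_digest(session.csrf_token.encode(), submitted.encode())


def rename_host_unprotected(session: Session, form: Mapping[str, str]) -> dict:
    """'Before' behaviour: any request that arrives with the session cookie is
    honoured, including one a malicious page submits in the user's browser."""
    return {"status": 200, "renamed": (form["old"], form["new"])}


def rename_host(session: Session, form: Mapping[str, str]) -> dict:
    """'After' behaviour: the request must carry the token from a form this
    server rendered for this session."""
    if not validate_csrf_token(session, form.get("_csrf_token")):
        return {"status": 403, "error": "Invalid CSRF token"}
    return {"status": 200, "renamed": (form["old"], form["new"])}


def legitimate_form(session: Session) -> dict:
    """Form as submitted from a page this server served to the user."""
    return {"old": "web01", "new": "web02", "_csrf_token": session.csrf_token}


def forged_form() -> dict:
    """Form as submitted by a malicious page: the browser attaches the session
    cookie automatically, but the page never saw the token."""
    return {"old": "web01", "new": "pwned"}


if __name__ == "__main__":
    s = Session()
    print("unprotected, forged:", rename_host_unprotected(s, forged_form()))
    print("protected,   forged:", rename_host(s, forged_form()))
    print("protected,   legit: ", rename_host(s, legitimate_form(s)))
```

Two details carry most of the value: the token is compared with `hmac.compare_digest` rather than `==` so that timing does not leak it, and the check is performed in the handler itself, so an endpoint cannot be reached by a route that skips it.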
Commit: 1daf1f2c116f786c03ac155006dff14ac96b8d9f
https://github.com/Checkmk/checkmk/commit/1daf1f2c116f786c03ac155006dff14ac…
Author: Solomon Jacobs <solomon.jacobs(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16431
M omd/packages/omd/omdlib/main.py
Log Message:
-----------
16431 FIX omd restore: Fix RuntimeError: Failed to determine site version
SUP-18672
Change-Id: Ic212139fd8e2e38c2dfbb70c9db68812870d22d5
Commit: 991ffeda722dc12d049c3dd7a667cb5ef08a8fc7
https://github.com/Checkmk/checkmk/commit/991ffeda722dc12d049c3dd7a667cb5ef…
Author: Sergey Kipnis <sergey.kipnis(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16845
M agents/wnx/src/common/wtools.cpp
M agents/wnx/src/engine/cfg.cpp
M agents/wnx/src/engine/cfg_details.h
M agents/wnx/src/engine/cma_core.cpp
M agents/wnx/src/engine/cma_core.h
M agents/wnx/watest/test-yaml.cpp
Log Message:
-----------
16845 SEC fix a privilege escalation vulnerability in the Checkmk Windows Agent
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue was excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High
(`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
Change-Id: Ie739e73f15af032a3d2cdd0cfd20ea8bb97a761f
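The mitigation above is to remove write access for non-admin users on `ProgramData\checkmk\agent` and to verify the advanced permissions, not just the basic ones. As an added example that is not part of Checkmk, here is a checker that parses the output of Windows' `icacls` for that folder and reports every principal outside a trusted set that holds a write-capable right. The sample output is constructed to mirror the `icacls` layout (path on the first line, one ACE per line, simple rights such as `(F)`, `(M)`, `(W)` or comma-separated specific rights such as `(RX,WD)`); the trusted-principal set and the treatment of `DENY` entries are assumptions stated in the comments.

```python
import re

# Constructed sample outputs in the shape `icacls <path>` prints; the first is
# the vulnerable state (Users may modify), the second the hardened state.
AGENT_DIR = r"C:\ProgramData\checkmk\agent"

ICACLS_VULNERABLE = r"""C:\ProgramData\checkmk\agent NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                              BUILTIN\Administrators:(OI)(CI)(F)
                              BUILTIN\Users:(OI)(CI)(M)
                              CORP\svc_backup:(OI)(CI)(RX,WD)

Successfully processed 1 files; Failed processing 0 files
"""

ICACLS_HARDENED = r"""C:\ProgramData\checkmk\agent NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                              BUILTIN\Administrators:(OI)(CI)(F)
                              BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

# Assumption: these are the only principals that should be able to write here.
TRUSTED_PRINCIPALS = {r"NT AUTHORITY\SYSTEM", r"BUILTIN\Administrators"}

# icacls "simple" rights that imply write access.
SIMPLE_WRITE = {"F", "M", "W"}
# icacls "specific" rights that let a caller add or alter content or the ACL
# itself: write data, append data, delete child, delete, write DAC, write owner.
SPECIFIC_WRITE = {"WD", "AD", "DC", "D", "WDAC", "WO"}

ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<rights>(?:\([^)]*\))+)\s*$")


def parse_icacls(output: str, path: str) -> list[tuple[str, list[str]]]:
    """Return [(principal, [right-groups...])] for each ACE line in icacls output."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("Successfully processed"):
            continue
        if line.startswith(path):          # first line carries the path prefix
            line = line[len(path):].strip()
        match = ACE_RE.match(line)
        if match is None:
            continue
        groups = re.findall(r"\(([^)]*)\)", match.group("rights"))
        aces.append((match.group("principal"), groups))
    return aces


def grants_write(groups: list[str]) -> bool:
    """True if any parenthesised group carries a write-capable right."""
    if any(g == "DENY" for g in groups):   # assumption: deny ACEs never grant
        return False
    for group in groups:
        if group in SIMPLE_WRITE:
            return True
        if any(r.strip() in SPECIFIC_WRITE for r in group.split(",")):
            return True
    return False


def untrusted_writers(output: str, path: str = AGENT_DIR) -> list[str]:
    """Principals outside TRUSTED_PRINCIPALS that can write to the folder."""
    return [
        principal
        for principal, groups in parse_icacls(output, path)
        if principal not in TRUSTED_PRINCIPALS and grants_write(groups)
    ]


if __name__ == "__main__":
    print("vulnerable:", untrusted_writers(ICACLS_VULNERABLE))
    print("hardened:  ", untrusted_writers(ICACLS_HARDENED))
```

On a real host the input would be the captured output of `icacls C:\ProgramData\checkmk\agent`, and a non-empty result is exactly the condition the Werk's mitigation tells you to remove through the folder's advanced permission settings. Checking the specific rights, not only `(F)`/`(M)`, is what makes the "verify the special permissions" step mechanical.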
Commit: db4fb9cbcff2e657426db49c28e2c228e7d6646f
https://github.com/Checkmk/checkmk/commit/db4fb9cbcff2e657426db49c28e2c228e…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_container_host_if.linux
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman2_lists
M agents/plugins/mailman3_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/nvidia_smi.ps1
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M cmk/special_agents/agent_jolokia.py
M cmk/special_agents/agent_netapp.py
M cmk/special_agents/agent_splunk.py
M cmk/special_agents/agent_vsphere.py
M cmk/utils/version.py
M configure.ac
M defines.make
M docker_image/Dockerfile
M packages/cmk-agent-ctl/src/constants.rs
Log Message:
-----------
Set version to 2.2.0p30
Commit: 12eba85c9112773b9c4e977c09368ea27f180069
https://github.com/Checkmk/checkmk/commit/12eba85c9112773b9c4e977c09368ea27…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16999
M cmk/base/core_nagios.py
M cmk/gui/mkeventd/icon.py
M cmk/gui/views/painter/v0/painters.py
M cmk/utils/escaping.py
M tests/unit/cmk/gui/plugins/views/test_painters.py
Log Message:
-----------
16999 FIX Service check command UI escaping
Previously instead of "!" the GUI displayed "\!" when rendering a
service check command.
This is fixed to rendering unescaped service check commands to the GUI.
CMK-17241
Change-Id: I66b903ab2c35add145938e0c2bba50614496cc33
Commit: 1551cfeef6b3ff6356e7388c059ec0ac839df236
https://github.com/Checkmk/checkmk/commit/1551cfeef6b3ff6356e7388c059ec0ac8…
Author: Kenneth Okoh <kenneth.okoh(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M .werks/16999
Log Message:
-----------
Werk #16999: fix version
Change-Id: Ibdc9f3a93f283c3d241a85f3f719f829a25ebff4
Commit: c9e762baf9b7bc6374feaa927e2454d2872c4abe
https://github.com/Checkmk/checkmk/commit/c9e762baf9b7bc6374feaa927e2454d28…
Author: Simon Jess <simon.jess(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16753
M cmk/gui/views/inventory/__init__.py
M cmk/gui/views/join_service_rows.py
Log Message:
-----------
16753 FIX HW/SW Inventory: Fix missing joined service columns if a service is assigned
to a cluster
Change-Id: I75b0bd6141ba2f4b715b8c06f8aeb844df1641f3
Commit: 378067cdd4f087c1f6b42a14c4bc1b0a40df798f
https://github.com/Checkmk/checkmk/commit/378067cdd4f087c1f6b42a14c4bc1b0a4…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
A .werks/16863
M cmk/special_agents/agent_proxmox_ve.py
M tests/unit/checks/test_agent_proxmox_ve.py
Log Message:
-----------
16863 FIX proxmox: Fix log parsing crash for Proxmox versions 3.2.4 and newer
The backup log format changed in Proxmox version 3.2.4 which resulted in a crash
in the Proxmox special agent.
The special agent can now handle both old and the new format of backup log messages.
SUP-19222
Change-Id: I57c0108b20874b8d3fb5841f8827779ed1504d3a
Commit: fc36525c611e6f62b82e710598ca6aa2164f71dd
https://github.com/Checkmk/checkmk/commit/fc36525c611e6f62b82e710598ca6aa21…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)
Changed paths:
M tests/update/base_versions_current_branch.json
Log Message:
-----------
Include 2.2.0p29 in base-versions list for update-test
Compare:
https://github.com/Checkmk/checkmk/compare/e3222a6bc5ff...fc36525c611e