Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 18b72b3c9ed43937fba5e55379fb358bd3409a3a
https://github.com/Checkmk/checkmk/commit/18b72b3c9ed43937fba5e55379fb358bd…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-10-07 (Mon, 07 Oct 2024)
Changed paths:
A .werks/17145
Log Message:
-----------
17145 SEC Information leak in mknotifyd
When a notification context is sent to mknotifyd, a "result message" is generated
by mknotifyd and sent back to the original site so it can show if there were problems
handling that notification.
This result message could contain secrets that were not meant to be sent to remote sites,
e.g. passwords/secrets.
These secrets were not processed by the remote site, but a rogue site would have been able
to retrieve these.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.3 Medium
(`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`) and assigned `CVE-2024-6747`.
CMK-13549
Change-Id: I9c2595018eb2ed383df0eb1eda0560a134bdc725