Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 92adf47faf0ca327fe2308af605b7a14091385fb
https://github.com/tribe29/checkmk/commit/92adf47faf0ca327fe2308af605b7a140…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2019-09-04 (Wed, 04 Sep 2019)
Changed paths:
A .werks/8881
M cmk/gui/notifications.py
Log Message:
-----------
8881 SEC Fix possible XSS issue on "confirm failed notifications" page
Using a manipulated notification script or notification destination system it
was possible to inject javascript code into the "confirm failed notifications"
page.
To prevent users from this potential issue, you could remove the permission for
viewing the failed notifications from the users roles.
Change-Id: I07f84a8a7a577602055fab37b07cd162978ce7d4