Module: check_mk
Branch: master
Commit: 0179cfcbf53f595b9703f632958dd0f7e28d5b52
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0179cfcbf53f59…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Sep 14 08:42:47 2018 +0200
6614 SEC Fixed reflected XSS affecting agent updater AJAX calls
When the hostname of a monitored agent is known, this could be used to exploit
a reflected XSS vulnerability. Every unauthenticated or authenticated user can
issue a request like this. The victim does not have to be authorized on the
Check_MK application.
Change-Id: If81ea745bfd042b647f24f34bf7e90c1dff93a5d
---
.werks/6614 | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/.werks/6614 b/.werks/6614
new file mode 100644
index 0000000..8a8dd43
--- /dev/null
+++ b/.werks/6614
@@ -0,0 +1,13 @@
+Title: Fixed reflected XSS affecting agent updater AJAX calls
+Level: 1
+Component: agents
+Compatible: compat
+Edition: cee
+Version: 1.6.0i1
+Date: 1536907287
+Class: security
+
+When the hostname of a monitored agent is known, this could be used to exploit
+a reflected XSS vulnerability. Every unauthenticated or authenticated user can
+issue a request like this. The victim does not have to be authorized on the
+Check_MK application
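Review bot: The werk body (the four lines starting "+When the hostname of a monitored agent is known") describes the precondition but never says what was fixed or what an administrator needs to do. "this could be used" has no clear antecedent, and the diffstat shows only .werks/6614 changing, so a reader of this werk cannot tell which request parameter was reflected or how it is handled now. Suggest adding one sentence stating how the agent updater AJAX calls now treat the reflected value and whether updating is the only action required, and ending the last sentence with a full stop. Since the text says unauthenticated users can issue the request, it is also worth confirming that "Level: 1" is the intended rating for a "Class: security" werk.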