Checkmk werks level1 September 2018

checkmk-werks-lvl1@lists.checkmk.com

11 participants
145 discussions

Check_MK Werk 6622: Fixed possible open redirect on login page

by Lars Michelsen

ID: 6622 Title: Fixed possible open redirect on login page Component: Multisite Level: 1 Class: Security fix Version: 1.6.0i1 It was possible to redirect an user to external websites through manipulating GET parameters. To exploit this vulnerability, an attacker needs to trick a user into following a crafted URL. The attack only works if the user does not notice that he is redirected to a different URL.

6 years

Check_MK Werk 6619: Fixed missing CSRF protection for master control AJAX calls

by Lars Michelsen

ID: 6619 Title: Fixed missing CSRF protection for master control AJAX calls Component: Multisite Level: 1 Class: Security fix Version: 1.6.0i1 The AJAX calls used by the master control snapin were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions. CMK-963

6 years

Check_MK Werk 6620: Fixed missing CSRF protection for site status AJAX calls

by Lars Michelsen

ID: 6620 Title: Fixed missing CSRF protection for site status AJAX calls Component: Multisite Level: 1 Class: Security fix Version: 1.6.0i1 The AJAX calls used by the site status snapin were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions.

6 years

Check_MK Werk 6618: Fixed missing CSRF protection for host diagnostic AJAX calls

by Lars Michelsen

ID: 6618 Title: Fixed missing CSRF protection for host diagnostic AJAX calls Component: WATO Level: 1 Class: Security fix Version: 1.6.0i1 The AJAX calls used by the host diagnostic page were not correctly using CSRF tokens to protect logged in users against malicious links that could trigger actions.

6 years

Check_MK Werk 6599: HW/SW Inventory: Only count the real entries

by Simon Betz

ID: 6599 Title: HW/SW Inventory: Only count the real entries Component: HW/SW Inventory Level: 1 Class: Bug fix Version: 1.6.0i1 The active check {{Check_MK HW/SW Inventory}}, the inventory history and the shell commands <tt>cmk -vi</tt> and <tt>cmk -vii</tt> show the number of found entries. This number also includes the amount of nodes. Example: <tt>Hardware > System > Family: Thinkpad</tt> gives 3 entries. This may be confusing. Now only the real entries are counted. Example: <tt>Hardware > System > Family: Thinkpad</tt> gives 1 entry.

6 years

Check_MK Werk 6598: HW/SW Inventory: Do not list plugins on commandline for which the related section is empty

by Simon Betz

ID: 6598 Title: HW/SW Inventory: Do not list plugins on commandline for which the related section is empty Component: HW/SW Inventory Level: 1 Class: Bug fix Version: 1.6.0i1

6 years

Check_MK Werk 6596: Do status data inventory: Check "HW/SW Inventory" and shell commands behave the same way

by Simon Betz

ID: 6596 Title: Do status data inventory: Check "HW/SW Inventory" and shell commands behave the same way Component: Checks & agents Level: 1 Class: Bug fix Version: 1.6.0i1 If <tt>Status data inventory</tt> is enabled in the ruleset <tt>Do hardware/software Inventory</tt> the active check <tt>Check_MK HW/SW Inventory</tt> and the shell commands <tt>cmk -vii</tt> and <tt>cmk -vi</tt> behave the same way. The same result should also be displayed if <tt>cmk -v</tt> is executed if <tt>Status data inventory</tt> is enabled.

6 years

Check_MK Werk 6624: Sign all agents: Prevent focussing search field when opening the dialog

by Lars Michelsen

ID: 6624 Title: Sign all agents: Prevent focussing search field when opening the dialog Component: agents Level: 1 Class: Bug fix Version: 1.6.0i1 When opening the dialog "Sign all agents" there was previously a search field shown which had the initial focus. A user would expect to have the initial focus on the key pass phrase field to sign the agent. When the user starts typing the pass phrase without previously changing the focus, the pass phrase becomes visible on the screen. To fix this we have now removed the search field from the "Sign all agents" dialog. The pass phrase field in now initially focused as intended.

6 years

Check_MK Werk 6496: check_mk_agent.linux: Moved piggybacked docker container sections to plugin 'mk_docker_container_piggybacked'

by Simon Betz

ID: 6496 Title: check_mk_agent.linux: Moved piggybacked docker container sections to plugin 'mk_docker_container_piggybacked' Component: Checks & agents Level: 1 Class: Bug fix Version: 1.6.0i1 In order to monitor docker containers the {{check_mk_agent}} collects the following information of each docker container as piggyback data: <ul> <li>The state, node name, labels and network information</li> <li>Execution of the {{check_mk_agent}} within running containers</li> </ul> Moreover you have to create piggybacked hosts in Check_MK for each docker container. The piggybacked host name is the docker container ID. Due to a long running time of these sections they are transferred to the plugin {{mk_docker_container_piggybacked}} which also can be executed asynchronously. That means that these sections were removed from the {{check_mk_agent}} and you have to install the plugin to the plugins folder on the client.

6 years

Check_MK Werk 6623: NagVis: Updated to 1.9.10

by Lars Michelsen

ID: 6623 Title: NagVis: Updated to 1.9.10 Component: Other Components Level: 1 Class: Bug fix Version: 1.6.0i1

6 years

← Newer
1
...
6
7
8
9
10
11
12
...
15
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 September 2018