Checkmk werks level1 June 2024

checkmk-werks-lvl1@lists.checkmk.com

1 participants
272 discussions

[2.3.0] Checkmk Werk 17053 created: Split old audit log files larger 300MB on update

by Checkmk werks level 1

[//]: # (werk v2) # Split old audit log files larger 300MB on update key | value ---------- | --- date | 2024-06-14T07:49:42+00:00 version | 2.3.0p7 class | fix edition | cre component | wato level | 1 compatible | yes Since 2.3.0 the wato audit log files are logrotated at a size of 300MB. The update should take care of files bigger than 300MB but looked for files greater 400MB in earlier versions. This has now been adjusted to the size the logrotate happens.

3 months

[2.3.0] Checkmk Werk 17030 created: huawei_osn_laser: Fix parsing issue

by Checkmk werks level 1

[//]: # (werk v2) # huawei_osn_laser: Fix parsing issue key | value ---------- | --- date | 2024-06-17T15:20:33+00:00 version | 2.3.0p7 class | fix edition | cre component | checks level | 1 compatible | yes Fixed a parsing issue in the huawei_osn_laser check plugin. The problem appeared every time a serivce was supposed to have an OK state and caused the check plugin to crash, and thus not deliver any result. The crash report ended with this line: C+: if "\n" in subresult[1]: C-: This has now been fixed.

3 months

[2.3.0] Checkmk Werk 17025 created: Fix XSS in confirmation pop-up

by Checkmk werks level 1

[//]: # (werk v2) # Fix XSS in confirmation pop-up key | value ---------- | --- date | 2024-06-10T10:40:28+00:00 version | 2.3.0p7 class | security edition | cre component | wato level | 1 compatible | yes Prior to this Werk, there was a potential for HTML elements from user inputs to be rendered in certain confirmation pop-ups, leading to an XSS vulnerability. This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH. *Affected Versions*: * 2.3.0 * 2.2.0 *Indicators of Compromise*: Injected HTML elements in some specific user input fields with no proper escaping that are displayed in the confirmation pop-up. *Vulnerability Management*: We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, and assigned `CVE-2024-28831`.

3 months

[2.3.0] Checkmk Werk 17024 created: Fix XSS in Crash Report Page

by Checkmk werks level 1

[//]: # (werk v2) # Fix XSS in Crash Report Page key | value ---------- | --- date | 2024-06-06T13:17:36+00:00 version | 2.3.0p7 class | security edition | cre component | wato level | 1 compatible | yes Prior to this Werk, it was possible to inject HTML elements into Crash report URL in the Global settings, leading to an `XSS` vulnerability in the Crash reports page. This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH. *Affected Versions*: * 2.3.0 * 2.2.0 * 2.1.0 * 2.0.0 (EOL) *Indicators of Compromise*: Check the crash report HTTP URL in the Global settings for suspicious HTML elements. *Vulnerability Management*: We have rated the issue with a CVSS Score of 4.8 Medium with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N`. and assigned `CVE-2024-28832`.

3 months

[2.3.0] Checkmk Werk 17069 created: Synthetic Monitoring: Let test services go stale if no merged XML data is available

by Checkmk werks level 1

[//]: # (werk v2) # Synthetic Monitoring: Let test services go stale if no merged XML data is available key | value ---------- | --- date | 2024-06-17T09:57:45+00:00 version | 2.3.0p7 class | fix edition | cee component | checks level | 1 compatible | yes If the rebot command fails on a test node or if all attempts time out, no merged XML data is available on the Checkmk server. In this case, the corresponding plan service will report the standard message "Item not found in monitoring data" and go UNKNOWN. Before this werk, the test services behaved in the same way. As of this werk, they instead go stale, which is the intended behavior.

3 months

[2.3.0] Checkmk Werk 16877 created: Nutanix agent: improve error handling during fetch

by Checkmk werks level 1

[//]: # (werk v2) # Nutanix agent: improve error handling during fetch key | value ---------- | --- date | 2024-06-18T10:47:59+00:00 version | 2.3.0p7 class | fix edition | cre component | checks level | 1 compatible | yes This werk improves the error handling when the agent is executed. Prior to this change, the Check_MK service displayed that a Crash Report should be submitted whenever the agent failed to retrieve the data. This has been changed with this werk.

3 months

[2.4.0] Checkmk Werk 17025 created: Fix XSS in confirmation pop-up

by Checkmk werks level 1

[//]: # (werk v2) # Fix XSS in confirmation pop-up key | value ---------- | --- date | 2024-06-10T10:40:28+00:00 version | 2.4.0b1 class | security edition | cre component | wato level | 1 compatible | yes Prior to this Werk, there was a potential for HTML elements from user inputs to be rendered in certain confirmation pop-ups, leading to an XSS vulnerability. This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH. *Affected Versions*: * 2.3.0 * 2.2.0 *Indicators of Compromise*: Injected HTML elements in some specific user input fields with no proper escaping that are displayed in the confirmation pop-up. *Vulnerability Management*: We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, and assigned `CVE-2024-28831`.

3 months

[2.4.0] Checkmk Werk 17030 created: huawei_osn_laser: Fix parsing issue

by Checkmk werks level 1

[//]: # (werk v2) # huawei_osn_laser: Fix parsing issue key | value ---------- | --- date | 2024-06-17T15:20:33+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes Fixed a parsing issue in the huawei_osn_laser check plugin. The problem appeared every time a serivce was supposed to have an OK state and caused the check plugin to crash, and thus not deliver any result. The crash report ended with this line: C+: if "\n" in subresult[1]: C-: This has now been fixed.

3 months

[2.4.0] Checkmk Werk 17024 created: Fix XSS in Crash Report Page

by Checkmk werks level 1

[//]: # (werk v2) # Fix XSS in Crash Report Page key | value ---------- | --- date | 2024-06-06T13:17:36+00:00 version | 2.4.0b1 class | security edition | cre component | wato level | 1 compatible | yes Prior to this Werk, it was possible to inject HTML elements into Crash report URL in the Global settings, leading to an `XSS` vulnerability in the Crash reports page. This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH. *Affected Versions*: * 2.3.0 * 2.2.0 * 2.1.0 * 2.0.0 (EOL) *Indicators of Compromise*: Check the crash report HTTP URL in the Global settings for suspicious HTML elements. *Vulnerability Management*: We have rated the issue with a CVSS Score of 4.8 Medium with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N`. and assigned `CVE-2024-28832`.

3 months

[2.4.0] Checkmk Werk 17069 created: Synthetic Monitoring: Let test services go stale if no merged XML data is available

by Checkmk werks level 1

[//]: # (werk v2) # Synthetic Monitoring: Let test services go stale if no merged XML data is available key | value ---------- | --- date | 2024-06-17T09:57:45+00:00 version | 2.4.0b1 class | fix edition | cee component | checks level | 1 compatible | yes If the rebot command fails on a test node or if all attempts time out, no merged XML data is available on the Checkmk server. In this case, the corresponding plan service will report the standard message "Item not found in monitoring data" and go UNKNOWN. Before this werk, the test services behaved in the same way. As of this werk, they instead go stale, which is the intended behavior.

3 months

← Newer
1
...
7
8
9
10
11
12
13
...
28
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 June 2024