Checkmk werks level1 June 2024

checkmk-werks-lvl1@lists.checkmk.com

1 participants
272 discussions

[2.3.0] Checkmk Werk 16745 created: Fix wrong HW/SW inventory result if 'missing software packages'

by Checkmk werks level 1

[//]: # (werk v2) # Fix wrong HW/SW inventory result if 'missing software packages' key | value ---------- | --- date | 2024-06-14T09:49:53+00:00 version | 2.3.0p7 class | fix edition | cre component | inv level | 1 compatible | yes

3 months

[2.3.0] Checkmk Werk 16821 created: mssql_datafiles: Fix computation of maximum size

by Checkmk werks level 1

[//]: # (werk v2) # mssql_datafiles: Fix computation of maximum size key | value ---------- | --- date | 2024-06-10T21:07:52+00:00 version | 2.3.0p7 class | fix edition | cre component | checks level | 1 compatible | yes

3 months

[2.4.0] Checkmk Werk 16715 created: Rest API: Improvement of response data types

by Checkmk werks level 1

[//]: # (werk v2) # Rest API: Improvement of response data types key | value ---------- | --- date | 2024-06-13T14:07:51+00:00 version | 2.4.0b1 class | fix edition | cre component | rest-api level | 1 compatible | no In order to improvide the Rest API, adjustments have been made to the data types returned in the `comments` and `downtimes` endpoints as specified below: * `Show a comment` and `Show comments` endpoints: `entry_time` now shows the date stamp in ISO 8601 format. Before: "Jun 03 2024 06:05:41" Now: "2024-03-06T06:05:41+00:00" * `Show downtime` and `Show all schedulled downtimes`. `recurring` and `is_service` fields now are boolean types. Before: `recurring`: "yes" `is_service`: "no" Now: `recurring`: true `is_service`: false

3 months

[2.4.0] Checkmk Werk 17054 created: Test notifications: Match host and service level

by Checkmk werks level 1

[//]: # (werk v2) # Test notifications: Match host and service level key | value ---------- | --- date | 2024-06-17T09:54:41+00:00 version | 2.4.0b1 class | fix edition | cre component | notifications level | 1 compatible | yes Even if configured, host and service level did not match while testing notifications. This has been fixed.

3 months

[2.4.0] Checkmk Werk 16861 created: sql: Allow macros in 'Query or SQL statement' field

by Checkmk werks level 1

[//]: # (werk v2) # sql: Allow macros in 'Query or SQL statement' field key | value ---------- | --- date | 2024-06-13T15:56:27+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes With the version 2.3, the usage of macros in the `Query or SQL statementw` field of the `Check SQL database` was disallowed. With this Werk, it's allowed again.

3 months

[2.4.0] Checkmk Werk 16745 created: Fix wrong HW/SW inventory result if 'missing software packages'

by Checkmk werks level 1

[//]: # (werk v2) # Fix wrong HW/SW inventory result if 'missing software packages' key | value ---------- | --- date | 2024-06-14T09:49:53+00:00 version | 2.4.0b1 class | fix edition | cre component | inv level | 1 compatible | yes

3 months

[2.4.0] Checkmk Werk 16821 created: mssql_datafiles: Fix computation of maximum size

by Checkmk werks level 1

[//]: # (werk v2) # mssql_datafiles: Fix computation of maximum size key | value ---------- | --- date | 2024-06-10T21:07:52+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes

3 months

[2.1.0] Checkmk Werk 17009 created: XSS in inventory tree

by Checkmk werks level 1

Title: XSS in inventory tree Class: security Compatible: compat Component: inv Date: 1717744837 Edition: cre Level: 1 Version: 2.1.0p45 Prior to this Werk an attacker with control over an agent was able to inject HTML in the output which was then rendered in the inventory tree of the coresponding host. This problem exists only if the rule Do hardware/software inventory is set for the compromised agent/host. We found this vulnerability internally. Affected Versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: If you are unable to patch you can disable inventory scanning for all hosts. Indicators of Compromise: You can check <code>var/check_mk/inventory/</code> for inventories with embedded HTML. This only indicates current 'attacks'. Previous attacks (where the agent does not output the payload anymore) are not discoverable after some time (caching). Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L</code> We assigned CVE-2024-5741 to this vulnerability. Changes: This Werk adds sanitation to the HTML output.

3 months

[2.2.0] Checkmk Werk 17009 created: XSS in inventory tree

by Checkmk werks level 1

Title: XSS in inventory tree Class: security Compatible: compat Component: inv Date: 1717744837 Edition: cre Level: 1 Version: 2.2.0p28 Prior to this Werk an attacker with control over an agent was able to inject HTML in the output which was then rendered in the inventory tree of the coresponding host. This problem exists only if the rule Do hardware/software inventory is set for the compromised agent/host. We found this vulnerability internally. Affected Versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: If you are unable to patch you can disable inventory scanning for all hosts. Indicators of Compromise: You can check <code>var/check_mk/inventory/</code> for inventories with embedded HTML. This only indicates current 'attacks'. Previous attacks (where the agent does not output the payload anymore) are not discoverable after some time (caching). Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L</code> We assigned CVE-2024-5741 to this vulnerability. Changes: This Werk adds sanitation to the HTML output.

3 months

[2.4.0] Checkmk Werk 16786 created: ldap_connection: empty failover_server list should be considered disabled

by Checkmk werks level 1

[//]: # (werk v2) # ldap_connection: empty failover_server list should be considered disabled key | value ---------- | --- date | 2024-06-04T14:45:47+00:00 version | 2.4.0b1 class | fix edition | cre component | rest-api level | 1 compatible | yes When configuring an LDAP connection via the REST-API, the default value for the field failover_servers is an empty list. This value on the backend should be considered disabled and just not set. Previously, we were saving an empty list to the ldap config which was causing an error in the UI.

3 months

← Newer
1
...
10
11
12
13
14
15
16
...
28
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 June 2024