Checkmk werks level1 September 2024

checkmk-werks-lvl1@lists.checkmk.com

1 participants
142 discussions

[2.2.0] Checkmk Werk 16122 adapted: Fixed site matching for expected regular event console messages

by Checkmk werks level 1

Werk 16122 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Fixed site matching for expected regular event console messages Class: fix Compatible: compat Component: ec Date: 1726052246 Edition: cre Level: 1 Version: 2.2.0p35 Due to a regression in 2.2.0, the "Match site" option had no effect for expected regular messages, i.e. it was effectively ignored in that case. This has been fixed. ------------------------------------<diff>------------------------------------------- Title: Fixed site matching for expected regular event console messages Class: fix Compatible: compat Component: ec Date: 1726052246 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ Due to a regression in 2.2.0, the "Match site" option had no effect for expected regular messages, i.e. it was effectively ignored in that case. This has been fixed.

3 hours, 30 minutes

[2.2.0] Checkmk Werk 17191 adapted: mk_docker.py: Don't crash if a devices '/sys/block/DEVICE/dev' is missing

by Checkmk werks level 1

Werk 17191 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: mk_docker.py: Don't crash if a devices '/sys/block/DEVICE/dev' is missing Class: fix Compatible: compat Component: checks Date: 1726050962 Edition: cre Level: 1 Version: 2.2.0p35 ------------------------------------<diff>------------------------------------------- Title: mk_docker.py: Don't crash if a devices '/sys/block/DEVICE/dev' is missing Class: fix Compatible: compat Component: checks Date: 1726050962 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^

3 hours, 30 minutes

[2.2.0] Checkmk Werk 16218 adapted: Fix 2FA bypass via RestAPI

by Checkmk werks level 1

Werk 16218 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Fix 2FA bypass via RestAPI Class: security Compatible: compat Component: wato Date: 1725874171 Edition: cre Level: 1 Version: 2.2.0p35 Previous to this Werk the RestAPI did not properly check if a user that is supposed to authenticated with multiple factors indeed authenticated fully. This issue was found during internal review. Affected Versions: LI: 2.3.0 LI: 2.2.0 Vulnerability Management: We have rated the issue with a CVSS Score of 9.2 High (<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>) and assigned <code>CVE-2024-8606</code>. ------------------------------------<diff>------------------------------------------- Title: Fix 2FA bypass via RestAPI Class: security Compatible: compat Component: wato Date: 1725874171 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ Previous to this Werk the RestAPI did not properly check if a user that is supposed to authenticated with multiple factors indeed authenticated fully. This issue was found during internal review. Affected Versions: LI: 2.3.0 LI: 2.2.0 Vulnerability Management: We have rated the issue with a CVSS Score of 9.2 High (<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>) and assigned <code>CVE-2024-8606</code>.

3 hours, 30 minutes

[2.2.0] Checkmk Werk 16894 adapted: ups_*: support for NetVision OIDs

by Checkmk werks level 1

Werk 16894 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: ups_*: support for NetVision OIDs Class: fix Compatible: compat Component: checks Date: 1725978045 Edition: cre Level: 1 Version: 2.2.0p35 Newer firmware for NetVision cards was not supported due to changed SNMP OIDs for UPS entries. This change adds `.1.3.6.1.4.1.4555.1.1.7` and `.1.3.6.1.4.1.42610.1.4.4` to the detection lists. ------------------------------------<diff>------------------------------------------- Title: ups_*: support for NetVision OIDs Class: fix Compatible: compat Component: checks Date: 1725978045 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ Newer firmware for NetVision cards was not supported due to changed SNMP OIDs for UPS entries. This change adds `.1.3.6.1.4.1.4555.1.1.7` and `.1.3.6.1.4.1.42610.1.4.4` to the detection lists.

3 hours, 30 minutes

[2.2.0] Checkmk Werk 16807 adapted: Ignore unknown "Disabled checks" during update config

by Checkmk werks level 1

Werk 16807 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Ignore unknown "Disabled checks" during update config Class: fix Compatible: compat Component: checks Date: 1713961530 Edition: cre Level: 1 Version: 2.2.0p35 If users had disabled checks that have since been removed or are temporarily unavailable (due to disabled MKPs for instance), they would be prompted with a message like C+: WARNING: Invalid rule configuration detected (Ruleset: ignored_checks, Title: Disabled checks, Folder: , -| Rule nr: 1, Exception: ifoperstatus is not an allowed value) C-: These invalid values are ignored now. They do no harm and they are dropped upon editing the rule. ------------------------------------<diff>------------------------------------------- Title: Ignore unknown "Disabled checks" during update config Class: fix Compatible: compat Component: checks Date: 1713961530 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ If users had disabled checks that have since been removed or are temporarily unavailable (due to disabled MKPs for instance), they would be prompted with a message like C+: WARNING: Invalid rule configuration detected (Ruleset: ignored_checks, Title: Disabled checks, Folder: , -| Rule nr: 1, Exception: ifoperstatus is not an allowed value) C-: These invalid values are ignored now. They do no harm and they are dropped upon editing the rule.

3 hours, 30 minutes

[2.2.0] Checkmk Werk 17094 adapted: Fix XSS on SAML login screen

by Checkmk werks level 1

Werk 17094 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Fix XSS on SAML login screen Class: security Compatible: compat Component: wato Date: 1725549833 Edition: cee Level: 1 Version: 2.2.0p35 Prior to Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page. This could facilitate phishing attacks by tricking users into clicking malicious links. Links in the error message are now escaped and no longer clickable. This issue was identified during internal review. Affected Versions: LI: 2.3.0 LI: 2.2.0 Vulnerability Management: We have rated the issue with a CVSS Score of 5.1 Medium (<code>CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N</code>) and assigned <code>CVE-2024-38860</code>. ------------------------------------<diff>------------------------------------------- Title: Fix XSS on SAML login screen Class: security Compatible: compat Component: wato Date: 1725549833 Edition: cee Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ Prior to Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page. This could facilitate phishing attacks by tricking users into clicking malicious links. Links in the error message are now escaped and no longer clickable. This issue was identified during internal review. Affected Versions: LI: 2.3.0 LI: 2.2.0 Vulnerability Management: We have rated the issue with a CVSS Score of 5.1 Medium (<code>CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N</code>) and assigned <code>CVE-2024-38860</code>.

3 hours, 30 minutes

[2.2.0] Checkmk Werk 16123 adapted: Use the original message text for rewriting the comment field

by Checkmk werks level 1

Werk 16123 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Use the original message text for rewriting the comment field Class: fix Compatible: compat Component: ec Date: 1726062847 Edition: cre Level: 1 Version: 2.2.0p35 Werk 16534 made the rewriting of the comment field use the comment field itself as the basis. For this field, it doesn't really make sense, because rewriting is the only way to fill that field, so e.g. \0 was always empty. With this change, we revert to the old behaviour where all match groups refer to the original message text. ------------------------------------<diff>------------------------------------------- Title: Use the original message text for rewriting the comment field Class: fix Compatible: compat Component: ec Date: 1726062847 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ Werk 16534 made the rewriting of the comment field use the comment field itself as the basis. For this field, it doesn't really make sense, because rewriting is the only way to fill that field, so e.g. \0 was always empty. With this change, we revert to the old behaviour where all match groups refer to the original message text.

3 hours, 30 minutes

[2.2.0] Checkmk Werk 16871 adapted: smart: Monitor SATA disks connected via HBA

by Checkmk werks level 1

Werk 16871 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: smart: Monitor SATA disks connected via HBA Class: fix Compatible: compat Component: checks Date: 1726577620 Edition: cre Level: 1 Version: 2.2.0p35 Previously, SATA disks connected via HBA weren't monitored by the smart agent plugin. Now, they are monitored the same way as other ATA disks. ------------------------------------<diff>------------------------------------------- Title: smart: Monitor SATA disks connected via HBA Class: fix Compatible: compat Component: checks Date: 1726577620 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ Previously, SATA disks connected via HBA weren't monitored by the smart agent plugin. Now, they are monitored the same way as other ATA disks.

3 hours, 30 minutes

[2.2.0] Checkmk Werk 16585 adapted: mk_jolokia: Add compatibility for / in MBeans

by Checkmk werks level 1

Werk 16585 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: mk_jolokia: Add compatibility for / in MBeans Class: fix Compatible: compat Component: checks Date: 1711037404 Edition: cre Level: 1 Version: 2.2.0p35 Previously it was not possible to select an MBean that had a path separator. This Werk implements the Jolokia path separator <code>!/</code>. An example is shown in the following fragment of the jolokia.cfg file: C+: ... custom_vars = [('Catalina:J2EEApplication=none,J2EEServer=none,WebModule=*localhost!/docs,j2eeType=Servlet,name=default','requestCount','myspecialmetric',[],False,'number')]] ... C-: This will match the entry <code>myinstance,Catalina:J2EEApplication=none,J2EEServer=none,WebModule=//localhost/docs,j2eeType=Servlet,name=defaultmyspecialmetric.requestCount0number</code> ------------------------------------<diff>------------------------------------------- Title: mk_jolokia: Add compatibility for / in MBeans Class: fix Compatible: compat Component: checks Date: 1711037404 Edition: cre Level: 1 - Version: 2.2.0p34 ? ^ + Version: 2.2.0p35 ? ^ Previously it was not possible to select an MBean that had a path separator. This Werk implements the Jolokia path separator <code>!/</code>. An example is shown in the following fragment of the jolokia.cfg file: C+: ... custom_vars = [('Catalina:J2EEApplication=none,J2EEServer=none,WebModule=*localhost!/docs,j2eeType=Servlet,name=default','requestCount','myspecialmetric',[],False,'number')]] ... C-: This will match the entry <code>myinstance,Catalina:J2EEApplication=none,J2EEServer=none,WebModule=//localhost/docs,j2eeType=Servlet,name=defaultmyspecialmetric.requestCount0number</code>

3 hours, 30 minutes

[2.2.0] Checkmk Werk 16218 created: Fix 2FA bypass via RestAPI

by Checkmk werks level 1

Title: Fix 2FA bypass via RestAPI Class: security Compatible: compat Component: wato Date: 1725874171 Edition: cre Level: 1 Version: 2.2.0p34 Previous to this Werk the RestAPI did not properly check if a user that is supposed to authenticated with multiple factors indeed authenticated fully. This issue was found during internal review. Affected Versions: LI: 2.3.0 LI: 2.2.0 Vulnerability Management: We have rated the issue with a CVSS Score of 9.2 High (<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>) and assigned <code>CVE-2024-8606</code>.

3 hours, 31 minutes

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 September 2024