Werk 16122 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fixed site matching for expected regular event console messages
Class: fix
Compatible: compat
Component: ec
Date: 1726052246
Edition: cre
Level: 1
Version: 2.2.0p35
Due to a regression in 2.2.0, the "Match site" option had no effect for
expected regular messages, i.e. it was effectively ignored in that case.
This has been fixed.
------------------------------------<diff>-------------------------------------------
Title: Fixed site matching for expected regular event console messages
Class: fix
Compatible: compat
Component: ec
Date: 1726052246
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Due to a regression in 2.2.0, the "Match site" option had no effect for
expected regular messages, i.e. it was effectively ignored in that case.
This has been fixed.
Werk 17191 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: mk_docker.py: Don't crash if a devices '/sys/block/DEVICE/dev' is missing
Class: fix
Compatible: compat
Component: checks
Date: 1726050962
Edition: cre
Level: 1
Version: 2.2.0p35
------------------------------------<diff>-------------------------------------------
Title: mk_docker.py: Don't crash if a devices '/sys/block/DEVICE/dev' is missing
Class: fix
Compatible: compat
Component: checks
Date: 1726050962
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Werk 16218 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix 2FA bypass via RestAPI
Class: security
Compatible: compat
Component: wato
Date: 1725874171
Edition: cre
Level: 1
Version: 2.2.0p35
Previous to this Werk the RestAPI did not properly check if a user that is supposed to authenticated with multiple factors indeed authenticated fully.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 9.2 High (<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>) and assigned <code>CVE-2024-8606</code>.
------------------------------------<diff>-------------------------------------------
Title: Fix 2FA bypass via RestAPI
Class: security
Compatible: compat
Component: wato
Date: 1725874171
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Previous to this Werk the RestAPI did not properly check if a user that is supposed to authenticated with multiple factors indeed authenticated fully.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 9.2 High (<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>) and assigned <code>CVE-2024-8606</code>.
Werk 16894 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: ups_*: support for NetVision OIDs
Class: fix
Compatible: compat
Component: checks
Date: 1725978045
Edition: cre
Level: 1
Version: 2.2.0p35
Newer firmware for NetVision cards was not supported due to changed SNMP OIDs for UPS entries.
This change adds `.1.3.6.1.4.1.4555.1.1.7` and `.1.3.6.1.4.1.42610.1.4.4` to the detection lists.
------------------------------------<diff>-------------------------------------------
Title: ups_*: support for NetVision OIDs
Class: fix
Compatible: compat
Component: checks
Date: 1725978045
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Newer firmware for NetVision cards was not supported due to changed SNMP OIDs for UPS entries.
This change adds `.1.3.6.1.4.1.4555.1.1.7` and `.1.3.6.1.4.1.42610.1.4.4` to the detection lists.
Werk 16807 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Ignore unknown "Disabled checks" during update config
Class: fix
Compatible: compat
Component: checks
Date: 1713961530
Edition: cre
Level: 1
Version: 2.2.0p35
If users had disabled checks that have since been removed or are temporarily unavailable (due to disabled MKPs for instance), they would be prompted with a message like
C+:
WARNING: Invalid rule configuration detected (Ruleset: ignored_checks, Title: Disabled checks, Folder: ,
-| Rule nr: 1, Exception: ifoperstatus is not an allowed value)
C-:
These invalid values are ignored now.
They do no harm and they are dropped upon editing the rule.
------------------------------------<diff>-------------------------------------------
Title: Ignore unknown "Disabled checks" during update config
Class: fix
Compatible: compat
Component: checks
Date: 1713961530
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
If users had disabled checks that have since been removed or are temporarily unavailable (due to disabled MKPs for instance), they would be prompted with a message like
C+:
WARNING: Invalid rule configuration detected (Ruleset: ignored_checks, Title: Disabled checks, Folder: ,
-| Rule nr: 1, Exception: ifoperstatus is not an allowed value)
C-:
These invalid values are ignored now.
They do no harm and they are dropped upon editing the rule.
Werk 17094 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix XSS on SAML login screen
Class: security
Compatible: compat
Component: wato
Date: 1725549833
Edition: cee
Level: 1
Version: 2.2.0p35
Prior to Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 5.1 Medium (<code>CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N</code>) and assigned <code>CVE-2024-38860</code>.
------------------------------------<diff>-------------------------------------------
Title: Fix XSS on SAML login screen
Class: security
Compatible: compat
Component: wato
Date: 1725549833
Edition: cee
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Prior to Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 5.1 Medium (<code>CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N</code>) and assigned <code>CVE-2024-38860</code>.
Werk 16123 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Use the original message text for rewriting the comment field
Class: fix
Compatible: compat
Component: ec
Date: 1726062847
Edition: cre
Level: 1
Version: 2.2.0p35
Werk 16534 made the rewriting of the comment field use the comment field
itself as the basis. For this field, it doesn't really make sense, because
rewriting is the only way to fill that field, so e.g. \0 was always empty.
With this change, we revert to the old behaviour where all match groups
refer to the original message text.
------------------------------------<diff>-------------------------------------------
Title: Use the original message text for rewriting the comment field
Class: fix
Compatible: compat
Component: ec
Date: 1726062847
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Werk 16534 made the rewriting of the comment field use the comment field
itself as the basis. For this field, it doesn't really make sense, because
rewriting is the only way to fill that field, so e.g. \0 was always empty.
With this change, we revert to the old behaviour where all match groups
refer to the original message text.
Werk 16871 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: smart: Monitor SATA disks connected via HBA
Class: fix
Compatible: compat
Component: checks
Date: 1726577620
Edition: cre
Level: 1
Version: 2.2.0p35
Previously, SATA disks connected via HBA weren't monitored by the smart
agent plugin. Now, they are monitored the same way as other ATA disks.
------------------------------------<diff>-------------------------------------------
Title: smart: Monitor SATA disks connected via HBA
Class: fix
Compatible: compat
Component: checks
Date: 1726577620
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Previously, SATA disks connected via HBA weren't monitored by the smart
agent plugin. Now, they are monitored the same way as other ATA disks.
Werk 16585 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: mk_jolokia: Add compatibility for / in MBeans
Class: fix
Compatible: compat
Component: checks
Date: 1711037404
Edition: cre
Level: 1
Version: 2.2.0p35
Previously it was not possible to select an MBean that had a path separator. This Werk implements the Jolokia path separator <code>!/</code>.
An example is shown in the following fragment of the jolokia.cfg file:
C+:
...
custom_vars = [('Catalina:J2EEApplication=none,J2EEServer=none,WebModule=*localhost!/docs,j2eeType=Servlet,name=default','requestCount','myspecialmetric',[],False,'number')]]
...
C-:
This will match the entry <code>myinstance,Catalina:J2EEApplication=none,J2EEServer=none,WebModule=//localhost/docs,j2eeType=Servlet,name=defaultmyspecialmetric.requestCount0number</code>
------------------------------------<diff>-------------------------------------------
Title: mk_jolokia: Add compatibility for / in MBeans
Class: fix
Compatible: compat
Component: checks
Date: 1711037404
Edition: cre
Level: 1
- Version: 2.2.0p34
? ^
+ Version: 2.2.0p35
? ^
Previously it was not possible to select an MBean that had a path separator. This Werk implements the Jolokia path separator <code>!/</code>.
An example is shown in the following fragment of the jolokia.cfg file:
C+:
...
custom_vars = [('Catalina:J2EEApplication=none,J2EEServer=none,WebModule=*localhost!/docs,j2eeType=Servlet,name=default','requestCount','myspecialmetric',[],False,'number')]]
...
C-:
This will match the entry <code>myinstance,Catalina:J2EEApplication=none,J2EEServer=none,WebModule=//localhost/docs,j2eeType=Servlet,name=defaultmyspecialmetric.requestCount0number</code>
Title: Fix 2FA bypass via RestAPI
Class: security
Compatible: compat
Component: wato
Date: 1725874171
Edition: cre
Level: 1
Version: 2.2.0p34
Previous to this Werk the RestAPI did not properly check if a user that is supposed to authenticated with multiple factors indeed authenticated fully.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 9.2 High (<code>CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</code>) and assigned <code>CVE-2024-8606</code>.