Checkmk werks level1

checkmk-werks-lvl1@lists.checkmk.com

1 participants
15886 discussions

Check_MK Werk 2388: Fixed reflected XSS on the index page using the start_url parameter

by Lars Michelsen

ID: 2388 Title: Fixed reflected XSS on the index page using the start_url parameter Component: Multisite Level: 1 Class: Security Fix Version: 1.2.7i3

9 years, 2 months

Check_MK Werk 2370: Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations

by Mathias Kettner

ID: 2370 Title: Fix computation of "in downtime" and "acknownledged" of hosts in BI aggregations Component: BI Level: 2 Class: Bug Fix Version: 1.2.7i3 BI automatically aggregates downtimes and acknowledgements. But for host nodes in a BI tree these two states had been swapped. This has been fixed.

9 years, 2 months

Check_MK Werk 2369: Fix exception in BI availability via table "Hostname Aggregations"

by Mathias Kettner

ID: 2369 Title: Fix exception in BI availability via table "Hostname Aggregations" Component: BI Level: 2 Class: Bug Fix Version: 1.2.7i3

9 years, 2 months

Check_MK Werk 2387: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters

by Lars Michelsen

ID: 2387 Title: Fixed XSS problem on all pages using confirm dialogs outputting user provided parameters Component: Multisite Level: 1 Class: Security Fix Version: 1.2.7i3 On some pages, like for example the host group management page of WATO, it was possible to inject user provided HTML/Javascript code into the confirm messages. An attacker could use this to let an authenticated user open a prepared URL for privilege escalation.

9 years, 2 months

Check_MK Werk 2386: Fixed possible XSS on WATO rule edit page

by Lars Michelsen

ID: 2386 Title: Fixed possible XSS on WATO rule edit page Component: WATO Level: 1 Class: Security Fix Version: 1.2.7i3 A possible XSS injection has been fixed on the rule edit page of WATO. It was possible to inject javascript code using the HTTP parameters the page is processing.

9 years, 2 months

Check_MK Werk 2385: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions

by Lars Michelsen

ID: 2385 Title: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions Component: Multisite Level: 1 Class: Security Fix Version: 1.2.7i3 On pages where an authenticated user can trigger an exception which is then displayed to the user as "Internal error" dialog with details about the exception, it was possible for the user to inject javascript code which was executed in the context of the authenticated user. This has been fixed that javascript/html code which is injected is being escaped correctly.

9 years, 2 months

Check_MK Werk 2384: Prevent user passwords from being visible in webserver log on user creation

by Lars Michelsen

ID: 2384 Title: Prevent user passwords from being visible in webserver log on user creation Component: WATO Level: 1 Class: Security Fix Version: 1.2.7i3 When a user is created using WATO, the set values of the form fields were logged directly into the webserver access log, because the form of this page used the GET request method. Users which have access to the log files would be able to see the initial passwords. If you use an older version of Check_MK it is a good idea to set the "Change password at next login or access" to force the user to change his password on first login. We changed this form to perform a POST request now to prevent these information being written to the logs.

9 years, 2 months

Check_MK Werk 2318: windows agent: no longer crashes when a cached plugin has several hundred sections

by Andreas Boesl

ID: 2318 Title: windows agent: no longer crashes when a cached plugin has several hundred sections Component: Checks & Agents Level: 1 Class: Bug Fix Version: 1.2.7i3 The windows agent crashed when a single cached plugin reported several hundred sections. Cached plugins needs to be postprocessed, which requires additional heap buffer. The extra heap buffer was set to a too small value. This has been fixed.

9 years, 2 months

Check_MK Werk 2368: ucd_cpu_load: fix exception in case of dump SNMP agent sending 12, 540000 instead of 12.540000

by Mathias Kettner

ID: 2368 Title: ucd_cpu_load: fix exception in case of dump SNMP agent sending 12,540000 instead of 12.540000 Component: Checks & Agents Level: 1 Class: Bug Fix Version: 1.2.7i3

9 years, 2 months

Check_MK Werk 2383: FreeBSD Agent: Fixed handling <<<ps>>> section when jailed

by Lars Michelsen

ID: 2383 Title: FreeBSD Agent: Fixed handling <<<ps>>> section when jailed Component: Checks & Agents Level: 1 Class: Bug Fix Version: 1.2.7i3

9 years, 2 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1