Werk 15713 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p12
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
CVE-2023-46287 was assigned to this issue.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
------------------------------------<diff>-------------------------------------------
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p12
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
+ CVE-2023-46287 was assigned to this issue.
+
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
Title: dell_poweredge_status: crash on unknown state
Class: fix
Compatible: compat
Component: checks
Date: 1698738832
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.2.0p14
If the device returned an unknown state for <tt>globalSystemStatus</tt>
dell_poweredge_status crashed with error <tt>ValueError: not enough values to
unpack (expected 2, got 1)</tt>.
The new behavior is, that the service will be cirital and report <tt>unknown
state</tt> as system status.
Title: azure: adjustment of help text for App Registrations option
Class: fix
Compatible: compat
Component: checks
Date: 1698932842
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.2.0p14
Prior to this werk, the help text for the Azure Datasource program
left out the 'App Registrations' as one of the options which require
graph API specific permissions. This is now added.
Werk 15713 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
CVE-2023-46287 was assigned to this issue.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
------------------------------------<diff>-------------------------------------------
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
+ CVE-2023-46287 was assigned to this issue.
+
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
Title: dell_poweredge_status: crash on unknown state
Class: fix
Compatible: compat
Component: checks
Date: 1698738832
Edition: cre
Level: 1
Version: 2.3.0b1
If the device returned an unknown state for
The new behavior is, that the service will be cirital and report
Title: azure: adjustment of help text for App Registrations option
Class: fix
Compatible: compat
Component: checks
Date: 1698932842
Edition: cre
Level: 1
Version: 2.3.0b1
Prior to this werk, the help text for the Azure Datasource program
left out the 'App Registrations' as one of the options which require
graph API specific permissions. This is now added.
Title: Activate changes now shows user and source of currently running activation
Class: feature
Compatible: compat
Component: wato
Date: 1699016858
Edition: cre
Level: 1
Version: 2.3.0b1
If you try to activate changes and another activation is currently in progress,
you will now see the user who has started the activation and the source of the
activation in the shown warning message.
Possible sources are "GUI", "REST API" and "INTERNAL".
Title: dell_poweredge_status: crash on unknown state
Class: fix
Compatible: compat
Component: checks
Date: 1698738832
Edition: cre
Knowledge: doc
Level: 1
Version: 2.1.0p37
If the device returned an unknown state for <tt>globalSystemStatus</tt>
dell_poweredge_status crashed with error <tt>ValueError: not enough values to
unpack (expected 2, got 1)</tt>.
The new behavior is, that the service will be cirital and report <tt>unknown
state</tt> as system status.