[//]: # (werk v2)
# Fix Various CSRF Issues
key | value
---------- | ---
date | 2024-06-21T08:32:14+00:00
version | 2.3.0p8
class | security
edition | cre
component | wato
level | 1
compatible | yes
This Werk adds previously missing CSRF token validation to various endpoints in WATO.
The lack of CSRF token validation could allow an attacker to perform actions on behalf of a user without their consent, by tricking the user into clicking on a malicious link.
This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`) and assigned `CVE-2024-28828`.
[//]: # (werk v2)
# XSS in SQL check parameters
key | value
---------- | ---
date | 2024-06-17T10:08:19+00:00
version | 2.3.0p7
class | security
edition | cre
component | wato
level | 1
compatible | yes
Prior to this Werk, an attacker could add HTML to one parameter of the *Check SQL database* rule, which was then rendered unescaped on the overview page.
We found this vulnerability internally.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (probably older versions as well)
**Indicators of Compromise**:
The creation of such rules is logged in the audit log. You can therefore check `wato_audit.log`, either on the terminal or in the UI, for entries that contain malicious HTML.
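The following is an added example of the check described above, not code from Checkmk: it scans audit-log style lines for HTML tags or inline script hints and reports the line, the acting user and the matched fragment. The sample lines and their `timestamp user action text` layout are constructed for this example and do not reproduce the real `wato_audit.log` format; adapt the field split to the file you actually have.

```python
import re

# Constructed sample entries in an assumed "timestamp user action text" layout.
# The real wato_audit.log layout is not reproduced here.
SAMPLE_AUDIT_LINES = [
    "1718618899 admin edit-rule Changed rule 'Check SQL database' description: nightly inventory check",
    "1718618950 admin edit-rule Changed rule 'Check SQL database' description: <img src=x onerror=alert(1)>",
    "1718619001 opsuser new-rule Created rule 'Check SQL database' description: <b>prod</b> cluster",
    "1718619100 opsuser edit-rule Changed rule 'Check SQL database' description: a < b and b > c",
]

# A tag-like construct: "<" directly followed by a tag name. Requiring no whitespace
# after "<" keeps plain comparisons such as "a < b and b > c" out of the results.
HTML_TAG_RE = re.compile(r"</?[a-zA-Z][a-zA-Z0-9:-]*(\s[^<>]*)?>")
# Inline event handlers or javascript: URLs are suspicious even without a complete tag.
SCRIPT_HINT_RE = re.compile(r"\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def find_html_in_audit_log(lines):
    """Return (line_number, user, matched_fragment) for every entry containing HTML.

    Hits are heuristic and meant for manual review; legitimate descriptions can
    contain markup-looking text.
    """
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = HTML_TAG_RE.search(line) or SCRIPT_HINT_RE.search(line)
        if match:
            fields = line.split(maxsplit=3)  # assumed layout: timestamp user action text
            user = fields[1] if len(fields) > 1 else "?"
            hits.append((lineno, user, match.group(0)))
    return hits


def scan_audit_log(path):
    """Run the same check over a file on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_html_in_audit_log(fh.read().splitlines())


if __name__ == "__main__":
    for lineno, user, fragment in find_html_in_audit_log(SAMPLE_AUDIT_LINES):
        print(f"line {lineno}: user {user!r} wrote {fragment!r}")
```

Only the two lines carrying `<img ...>` and `<b>` are reported; the line with bare comparison operators is not.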
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-6052 to this vulnerability.
**Changes**:
This Werk fixes the escaping of the affected parameter.
Werk 16845 was adapted. The following is the new Werk; a diff is shown at the end of the message.
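As an added illustration (not Checkmk's code) of the kind of fix this Werk describes, the two renderers below show a rule parameter interpolated raw into an overview table row next to the same parameter escaped for the context it lands in. The rule parameters, the row template and the attribute name `data-db` are constructed for this example.

```python
import html

# Constructed attacker-controlled rule parameters; not taken from a real rule set.
MALICIOUS_PARAMS = {
    "description": "<img src=x onerror=alert(document.cookie)>",
    # Breaks out of a quoted attribute instead of injecting a tag.
    "dbname": 'inventory" onmouseover="alert(1)',
}


def render_overview_row_vulnerable(params):
    """Before: values are interpolated raw into the page (stored XSS)."""
    return (
        f'<tr data-db="{params["dbname"]}">'
        f'<td>{params["description"]}</td></tr>'
    )


def render_overview_row_fixed(params):
    """After: every value is escaped for its context.

    html.escape(..., quote=True) also converts " and ', so the result is safe
    both as element text and inside a double-quoted attribute.
    """
    desc = html.escape(params["description"], quote=True)
    db = html.escape(params["dbname"], quote=True)
    return f'<tr data-db="{db}"><td>{desc}</td></tr>'


def contains_active_markup(rendered):
    """Heuristic check for this example: a raw tag or an attribute breakout survived."""
    return "<img" in rendered or '" onmouseover="' in rendered


if __name__ == "__main__":
    print("vulnerable:", render_overview_row_vulnerable(MALICIOUS_PARAMS))
    print("fixed:     ", render_overview_row_fixed(MALICIOUS_PARAMS))
```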
[//]: # (werk v2)
# fix a privilege escalation vulnerability in the Checkmk Windows Agent
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
class | security
edition | cre
component | checks
level | 2
compatible | yes
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue was excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
- # reserved
+ # fix a privilege escalation vulnerability in the Checkmk Windows Agent
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
- class | fix
? ^ ^
+ class | security
? ^^^^^ ^^
edition | cre
component | checks
level | 2
compatible | yes
- reserved
+ This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
+ Agent.
+ Prior to this Werk, it was possible for authenticated users on the monitored
+ Windows host to execute commands as administrator account that is used to run
+ the Agent, allowing them to elevate their privileges.
+ The reason for this issue were excessive write permissions on the
+ `ProgramData\checkmk\agent` directory.
+
+ Note that you must update Checkmk as well as the agent in order to apply this
+ fix.
+
+ This issue was found in a commissioned penetration test conducted by modzero
+ GmbH.
+
+ *Affected Versions*:
+
+ * 2.3.0
+ * 2.2.0
+ * 2.1.0
+
+ *Mitigations*:
+
+ If updating is not possible, you can manually remove write access for non-admin
+ users on the `ProgramData\checkmk\agent` folder.
+ To do this, navigate to the folder's property settings and make sure to verify
+ the special permissions and advanced permission settings in addition to the
+ basic permission settings.
+
+ *Vulnerability Management*:
+
+ We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
+ and assigned `CVE-2024-28827`.
+
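Review bot: two grammar slips in the added body text. "execute commands as administrator account" should read "as the administrator account", and "The reason for this issue were excessive write permissions" should read "was excessive write permissions". The change of `class | fix` to `class | security` is consistent with the added *Vulnerability Management* section.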
Werk 16845 was adapted. The following is the new Werk; a diff is shown at the end of the message.
[//]: # (werk v2)
# reserved
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
class | fix
edition | cre
component | checks
level | 2
compatible | yes
reserved
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
- # fix a privilege escalation vulnerability in the Checkmk Windows Agent
+ # reserved
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
- class | security
? ^^^^^ ^^
+ class | fix
? ^ ^
edition | cre
component | checks
level | 2
compatible | yes
+ reserved
- This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
- Agent.
- Prior to this Werk, it was possible for authenticated users on the monitored
- Windows host to execute commands as administrator account that is used to run
- the Agent, allowing them to elevate their privileges.
- The reason for this issue were excessive write permissions on the
- `ProgramData\checkmk\agent` directory.
-
- Note that you must update Checkmk as well as the agent in order to apply this
- fix.
-
- This issue was found in a commissioned penetration test conducted by modzero
- GmbH.
-
- *Affected Versions*:
-
- * 2.3.0
- * 2.2.0
- * 2.1.0
-
- *Mitigations*:
-
- If updating is not possible, you can manually remove write access for non-admin
- users on the `ProgramData\checkmk\agent` folder.
- To do this, navigate to the folder's property settings and make sure to verify
- the special permissions and advanced permission settings in addition to the
- basic permission settings.
-
- *Vulnerability Management*:
-
- We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
- and assigned `CVE-2024-28827`.
-
[//]: # (werk v2)
# fix a privilege escalation vulnerability in the Checkmk Windows Agent
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.3.0p8
class | security
edition | cre
component | checks
level | 2
compatible | yes
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue was excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
Werk 16434 was adapted. The following is the new Werk; a diff is shown at the end of the message.
[//]: # (werk v2)
# Synthetic Monitoring: Privilege Escalation
key | value
---------- | ---
date | 2024-06-24T14:56:31+00:00
version | 2.3.0p8
class | security
edition | cee
component | agents
level | 1
compatible | yes
The Robotmk scheduler was affected by a privilege escalation issue. This issue affects users who
have configured the rule `Robotmk scheduler (Windows)`. Specifically, an attacker is able to exploit
the issue if
1. `Automated environment setup (via RCC)` was configured in the `Robotmk scheduler (Windows)` rule,
2. the same plan was configured without `Execute plan as a specific user`, and
3. a user on the host onto which the scheduler has been deployed was compromised.
In this event, the attacker could gain SYSTEM privileges on the host. If `Execute plan as a specific
user` _is_ configured, then the attacker could compromise that specific user, rather than SYSTEM.
There is a second, similar but distinct issue. If
- there are two or more plans configured with `Execute plan as a specific user` with distinct users,
- and one of the configured users was already compromised,
then the attacker could compromise the other user.
*Background*:
The Robotmk scheduler is started by the Checkmk agent, which runs with SYSTEM privileges.
Moreover, Robotmk allows the user to automatically build Python environments via RCC. During setup
the scheduler would enable an RCC feature called `shared holotree usage`. This feature allows all
users on the host to edit these Python environments. Thus, any compromised user on the host is also
able to compromise any user who executes code from these shared environments.
With this Werk, `shared holotree usage` is no longer enabled. Affected users will have their
access to the vulnerable Python environments revoked. Moreover, the permissions inside the
working directory of Robotmk have been reworked. Users now only have access to the directories
required for their own executions.
Note that you must both update Checkmk and redeploy the latest Robotmk scheduler.
*Affected Versions*:
* 2.3.0
*Mitigations*:
If updating is not possible:
* Do not use the rule `Automated environment setup (via RCC)`.
* Always use the same user for `Execute plan as a specific user`.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 7.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and requested a CVE.
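Both this Werk and the Windows Agent Werk above describe the same failure mode: code or data that a privileged account (SYSTEM, or the account running the agent) executes or trusts lives in a location that less privileged users can write to. The added example below, which is not Robotmk or Checkmk code, walks a directory tree and reports every entry that group or other users may modify. It uses POSIX mode bits because Windows ACLs cannot be inspected portably from the standard library; the sample environment layout (`bin/`, `lib/site-packages/`, `shared/`) and its permissions are constructed for the example.

```python
import os
import shutil
import stat
import tempfile

# Mode bits that grant write access to anyone other than the owner.
OTHERS_WRITE = stat.S_IWGRP | stat.S_IWOTH


def find_writable_by_others(root):
    """List entries under root (and root itself) that group or other users can modify.

    Returns sorted (relative_path, octal_mode) tuples. Symlinks are not followed and
    their own mode bits are ignored, since they carry no meaningful permissions.
    """
    findings = []

    def check(path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return
        if st.st_mode & OTHERS_WRITE:
            findings.append((os.path.relpath(path, root), oct(stat.S_IMODE(st.st_mode))))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def build_sample_environment(root):
    """Constructed stand-in for an automatically built Python environment (hypothetical layout)."""
    layout = [
        ("bin", "dir", 0o755),
        ("bin/python", "file", 0o755),
        ("lib", "dir", 0o755),
        ("lib/site-packages", "dir", 0o755),
        ("lib/site-packages/robot_plan.py", "file", 0o644),
        # Failure mode: a module the privileged scheduler imports is writable by everyone.
        ("lib/site-packages/sitecustomize.py", "file", 0o666),
        # Failure mode: a directory shared between plan users, where any of them can replace files.
        ("shared", "dir", 0o777),
    ]
    for rel, kind, mode in layout:
        path = os.path.join(root, rel)
        if kind == "dir":
            os.makedirs(path, exist_ok=True)
        else:
            with open(path, "w", encoding="utf-8") as fh:
                fh.write("# constructed sample file\n")
        os.chmod(path, mode)  # set explicitly so the result does not depend on umask


def demo():
    """Build the sample tree in a private temp dir, audit it, clean up, return findings."""
    root = tempfile.mkdtemp(prefix="rcc-env-")  # created with mode 0o700
    try:
        build_sample_environment(root)
        return find_writable_by_others(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, mode in demo():
        print(f"writable by others: {rel} ({mode})")
```

Run against a real environment directory, an empty result is the state the Werk's rework aims for: only the account that executes a plan can change what that plan executes.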
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Synthetic Monitoring: Privilege Escalation
key | value
---------- | ---
date | 2024-06-24T14:56:31+00:00
version | 2.3.0p8
class | security
edition | cee
component | agents
level | 1
compatible | yes
The Robotmk scheduler was affected by a privilege escalation issue. This issue affects users, which
have configured the rule `Robotmk scheduler (Windows)`. Specifically, an attacker is able to exploit
the issue, if
1. `Automated environment setup (via RCC)` was configured in the `Robotmk scheduler (Windows)` rule,
2. the same plan was configured without configuring `Execute plan as a specific user`
3. and a user on the host, onto which the scheduler has been deployed, was compromised.
In this event, the attacker could gain SYSTEM privileges on the host. If `Execute plan as a specific
user` _is_ configured, then the attacker could compromise that specific user, rather than SYSTEM.
There is a second similar, but distinct issue. If
- there are two or more plans configured with `Execute plan as a specific user` with distinct users
- and one of the configured users was already compromised.
The attacker could then compromise the other user.
*Background*:
The Robotmk scheduler is started by the Checkmk agent that runs with SYSTEM privileges.
Moreover, Robotmk allows the user to automatically build Python environments via RCC. During setup
the scheduler would enable a RCC feature called `shared holotree usage`. This feature allows all
users on the host to edit these Python environments. Thus, any compromised user on the host is also
able to compromise a user, which executes code from these shared environments.
With this Werk, `shared holotree usage` will no longer be enabled. Affected users will have their
- access to the vunerable Python environments revoked. Moreover, the permissions inside of the working
? --------
+ access to the vulnerable Python environments revoked. Moreover, the permissions inside of the
? +
- directory of Robotmk have been reworked. Users now only have access to directories, which are
? ----
+ working directory of Robotmk have been reworked. Users now only have access to directories, which
? ++++++++
- required for their own executions.
+ are required for their own executions.
? ++++
Note, you must update both Checkmk and redeploy the latest Robotmk Scheduler.
*Affected Versions*:
* 2.3.0
*Mitigations*:
If updating is not possible:
* Do not use the rule `Automated environment setup (via RCC)`.
* Always use the same user for `Execute plan as a specific user`.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 7.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and requested a CVE.
[//]: # (werk v2)
# proxmox: Fix log parsing crash for Proxmox versions 3.2.4 and newer
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-06-28T14:34:01+00:00
level | 1
class | fix
component | checks
edition | cre
The backup log format changed in Proxmox version 3.2.4, which caused a crash
in the Proxmox special agent.
The special agent can now handle both the old and the new format of backup log messages.
[//]: # (werk v2)
# fix a privilege escalation vulnerability in the Checkmk Windows Agent
key | value
---------- | ---
date | 2024-07-01T14:23:18+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 2
compatible | yes
This Werk fixes a privilege escalation vulnerability in the Checkmk Windows
Agent.
Prior to this Werk, it was possible for authenticated users on the monitored
Windows host to execute commands as the administrator account that is used to run
the Agent, allowing them to elevate their privileges.
The reason for this issue was excessive write permissions on the
`ProgramData\checkmk\agent` directory.
Note that you must update Checkmk as well as the agent in order to apply this
fix.
This issue was found in a commissioned penetration test conducted by modzero
GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
*Mitigations*:
If updating is not possible, you can manually remove write access for non-admin
users on the `ProgramData\checkmk\agent` folder.
To do this, navigate to the folder's property settings and make sure to verify
the special permissions and advanced permission settings in addition to the
basic permission settings.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`)
and assigned `CVE-2024-28827`.
[//]: # (werk v2)
# Fix Various CSRF Issues
key | value
---------- | ---
date | 2024-06-21T08:32:14+00:00
version | 2.4.0b1
class | security
edition | cre
component | wato
level | 1
compatible | yes
This Werk adds previously missing CSRF token validation to various endpoints in WATO.
The lack of CSRF token validation could allow an attacker to perform actions on behalf of a user without their consent, by tricking the user into clicking on a malicious link.
This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`) and assigned `CVE-2024-28828`.
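For both copies of this CSRF Werk (the 2.3.0p8 one above and this 2.4.0b1 one), the added example below shows what "missing CSRF token validation" means for a state-changing endpoint and how the check closes it. It is not Checkmk's implementation: the `delete host` handler, the `_csrf_token` form field, the session stand-in and the numeric status codes are all assumptions for the example.

```python
import hmac
import secrets

TOKEN_BYTES = 32
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


class Session(dict):
    """Stand-in for a server-side session; the real store is irrelevant to the check."""


def issue_csrf_token(session):
    """Create, once per session, the secret that forms must echo back."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(TOKEN_BYTES)
    return session["csrf_token"]


def csrf_token_is_valid(session, submitted):
    """Constant-time comparison against the session's token; absent values never match."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


def handle_delete_host_unprotected(method, session, form, hosts):
    """Before: any request carrying the session cookie is honoured, even a GET from a link."""
    hosts.discard(form.get("host"))
    return 200


def handle_delete_host(method, session, form, hosts):
    """After: state changes need a non-GET method and a token only same-origin pages can read."""
    if method not in STATE_CHANGING_METHODS:
        return 405
    if not csrf_token_is_valid(session, form.get("_csrf_token")):
        return 403
    hosts.discard(form.get("host"))
    return 200


def demo():
    """Replay the same forged and legitimate requests against both handlers."""
    session = Session(user="admin")
    token = issue_csrf_token(session)
    results = {}

    # Old behaviour: a forged GET (the link the user is tricked into clicking) deletes the host.
    hosts = {"db01", "web01"}
    results["unprotected_forged_get"] = handle_delete_host_unprotected(
        "GET", session, {"host": "db01"}, hosts)
    results["unprotected_remaining"] = sorted(hosts)

    # New behaviour: the forged GET and a POST with a guessed token are refused;
    # only the request carrying the session's token succeeds.
    hosts = {"db01", "web01"}
    results["forged_get"] = handle_delete_host("GET", session, {"host": "db01"}, hosts)
    results["forged_post_wrong_token"] = handle_delete_host(
        "POST", session, {"host": "db01", "_csrf_token": "guess"}, hosts)
    results["legit_post"] = handle_delete_host(
        "POST", session, {"host": "db01", "_csrf_token": token}, hosts)
    results["remaining"] = sorted(hosts)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The token is generated server-side and stored with the session, so a cross-site page can make the browser send the cookie but cannot read or supply the token; rejecting GET for state changes closes the plain-link variant the Werk describes.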
[//]: # (werk v2)
# HW/SW Inventory: Fix missing joined service columns if a service is assigned to a cluster
key | value
---------- | ---
date | 2024-07-01T14:32:58+00:00
version | 2.4.0b1
class | fix
edition | cre
component | multisite
level | 1
compatible | yes