[//]: # (werk v2)
# Service check commands: exclamation mark is no longer escaped
key | value
---------- | ---
date | 2024-06-03T07:19:18+00:00
version | 2.3.0p8
class | fix
edition | cre
component | multisite
level | 1
compatible | yes
Previously, the GUI displayed "\!" instead of "!" when rendering a service check command.
Service check commands are now rendered unescaped in the GUI.
[//]: # (werk v2)
# Escape user input on load failure of visuals
key | value
---------- | ---
date | 2024-06-26T10:17:37+00:00
version | 2.3.0p8
class | security
edition | cre
component | multisite
level | 1
compatible | yes
An attacker could create phishing links that take Checkmk users to their
Checkmk installation and lure them into following a malicious link if a visual
(view/dashboard/report) did not exist.
_Affected Versions_:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
_Vulnerability Management_:
We have rated the issue with a CVSS Score of 4.3 (Medium) with the following
CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N` and assigned CVE
`CVE-2024-38857`.
[//]: # (werk v2)
# Fix DCD creation using the Rest API
key | value
---------- | ---
date | 2024-06-28T12:06:10+00:00
version | 2.3.0p8
class | fix
edition | cee
component | rest-api
level | 1
compatible | yes
When creating a DCD using the Rest API, the hour and minutes of the excluded
times were saved in an incorrect format, causing the GUI to crash. This werk
fixes the problem and the fields are now saved as integers instead of strings.
[//]: # (werk v2)
# ldap: users should be created without the suffix unless there are conflicts
key | value
---------- | ---
date | 2024-06-05T12:24:08+00:00
version | 2.4.0b1
class | fix
edition | cre
component | wato
level | 1
compatible | yes
Previously, if you had an LDAP connection configured with both a "suffix"
and "create users only on login" enabled, the username used to log in was
used as-is to create a user profile.
E.g.
* testuser1 -> created a user profile called testuser1
* testuser1@suffix -> created a user profile called testuser1@suffix
This was incorrect. The suffix should only be used when there are conflicts.
This werk addresses this issue by changing the behaviour to:
* Check if the user (without the suffix) already exists.
* If it's the same user, log in with this user. No need to create a new user profile.
* If it's a different user, repeat the process using the username with the suffix.
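The resolution order above, as an added Python sketch (not Checkmk's own code). `Profile`, `resolve_user_id`, the `connection_id` field used to decide whether an existing profile is "the same user", and stripping the suffix from the typed login name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Profile:
    user_id: str
    # Assumption: the profile records which connection created it;
    # None marks a local, non-LDAP account.
    connection_id: Optional[str]


def resolve_user_id(
    login_name: str, connection_id: str, suffix: str, profiles: Dict[str, Profile]
) -> Tuple[str, bool]:
    """Return (user_id, must_create) for an LDAP login.

    The plain name is tried first; the suffixed name is used only when the
    plain name already belongs to a different user.
    """
    tail = "@" + suffix
    base = login_name[: -len(tail)] if login_name.endswith(tail) else login_name
    for candidate in (base, base + tail):
        existing = profiles.get(candidate)
        if existing is None:
            return candidate, True  # free name: create the profile here
        if existing.connection_id == connection_id:
            return candidate, False  # same user: reuse the profile
        # Different user owns this name: fall through to the suffixed name
        # so the LDAP login never lands in someone else's profile.
    raise LookupError(f"both {base!r} and {base + tail!r} belong to other users")


if __name__ == "__main__":
    # Constructed sample data: a local account already owns "testuser1".
    existing = {"testuser1": Profile("testuser1", None)}
    print(resolve_user_id("testuser1", "ldap1", "suffix", existing))
    print(resolve_user_id("testuser1@suffix", "ldap1", "suffix", {}))
```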
[//]: # (werk v2)
# Escape user input on load failure of visuals
key | value
---------- | ---
date | 2024-06-26T10:17:37+00:00
version | 2.4.0b1
class | security
edition | cre
component | multisite
level | 1
compatible | yes
An attacker could create phishing links that take Checkmk users to their
Checkmk installation and lure them into following a malicious link if a visual
(view/dashboard/report) did not exist.
_Affected Versions_:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
_Vulnerability Management_:
We have rated the issue with a CVSS Score of 4.3 (Medium) with the following
CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N` and assigned CVE
`CVE-2024-38857`.
[//]: # (werk v2)
# Fix DCD creation using the Rest API
key | value
---------- | ---
date | 2024-06-28T12:06:10+00:00
version | 2.4.0b1
class | fix
edition | cee
component | rest-api
level | 1
compatible | yes
When creating a DCD using the Rest API, the hour and minutes of the excluded
times were saved in an incorrect format, causing the GUI to crash. This werk
fixes the problem and the fields are now saved as integers instead of strings.
[//]: # (werk v2)
# snmp: Fix error in SNMP context serialization
key | value
---------- | ---
date | 2024-06-28T10:44:57+00:00
version | 2.3.0p8
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Using SNMPv3 with contexts resulted in a CRIT Check_MK service and an error:
`[snmp] AttributeError("'tuple' object has no attribute 'section'")`.
[//]: # (werk v2)
# ICMP Echo Request (Ping): Off-by-one error in active check
key | value
---------- | ---
date | 2024-06-26T08:50:24+00:00
version | 2.3.0p8
class | fix
edition | cre
component | checks
level | 1
compatible | no
This fixes a regression in Checkmk version 2.3.
When using the setting _"Ping IP address identified by its index"_ of the plugin _ICMP Echo Request (Ping)_, the used address was off by one.
The fix is incompatible for users that have accounted for this error and changed their rule.
To avoid mistakes in the future, we've added a hint to the rule, and validate that the configured index is equal to or larger than 1.
[//]: # (werk v2)
# snmp: Fix error in SNMP context serialization
key | value
---------- | ---
date | 2024-06-28T10:44:57+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Using SNMPv3 with contexts resulted in a CRIT Check_MK service and an error:
`[snmp] AttributeError("'tuple' object has no attribute 'section'")`.
[//]: # (werk v2)
# ICMP Echo Request (Ping): Off-by-one error in active check
key | value
---------- | ---
date | 2024-06-26T08:50:24+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | no
This fixes a regression in Checkmk version 2.3.
When using the setting _"Ping IP address identified by its index"_ of the plugin _ICMP Echo Request (Ping)_, the used address was off by one.
The fix is incompatible for users that have accounted for this error and changed their rule.
To avoid mistakes in the future, we've added a hint to the rule, and validate that the configured index is equal to or larger than 1.