Checkmk werks level1

checkmk-werks-lvl1@lists.checkmk.com

1 participants
15873 discussions

[2.4.0] Checkmk Werk 16861 created: sql: Allow macros in 'Query or SQL statement' field

by Checkmk werks level 1

[//]: # (werk v2) # sql: Allow macros in 'Query or SQL statement' field key | value ---------- | --- date | 2024-06-13T15:56:27+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes With the version 2.3, the usage of macros in the `Query or SQL statementw` field of the `Check SQL database` was disallowed. With this Werk, it's allowed again.

3 months

[2.4.0] Checkmk Werk 16745 created: Fix wrong HW/SW inventory result if 'missing software packages'

by Checkmk werks level 1

[//]: # (werk v2) # Fix wrong HW/SW inventory result if 'missing software packages' key | value ---------- | --- date | 2024-06-14T09:49:53+00:00 version | 2.4.0b1 class | fix edition | cre component | inv level | 1 compatible | yes

3 months

[2.4.0] Checkmk Werk 16821 created: mssql_datafiles: Fix computation of maximum size

by Checkmk werks level 1

[//]: # (werk v2) # mssql_datafiles: Fix computation of maximum size key | value ---------- | --- date | 2024-06-10T21:07:52+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes

3 months

[2.1.0] Checkmk Werk 17009 created: XSS in inventory tree

by Checkmk werks level 1

Title: XSS in inventory tree Class: security Compatible: compat Component: inv Date: 1717744837 Edition: cre Level: 1 Version: 2.1.0p45 Prior to this Werk an attacker with control over an agent was able to inject HTML in the output which was then rendered in the inventory tree of the coresponding host. This problem exists only if the rule Do hardware/software inventory is set for the compromised agent/host. We found this vulnerability internally. Affected Versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: If you are unable to patch you can disable inventory scanning for all hosts. Indicators of Compromise: You can check <code>var/check_mk/inventory/</code> for inventories with embedded HTML. This only indicates current 'attacks'. Previous attacks (where the agent does not output the payload anymore) are not discoverable after some time (caching). Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L</code> We assigned CVE-2024-5741 to this vulnerability. Changes: This Werk adds sanitation to the HTML output.

3 months, 1 week

[2.2.0] Checkmk Werk 17009 created: XSS in inventory tree

by Checkmk werks level 1

Title: XSS in inventory tree Class: security Compatible: compat Component: inv Date: 1717744837 Edition: cre Level: 1 Version: 2.2.0p28 Prior to this Werk an attacker with control over an agent was able to inject HTML in the output which was then rendered in the inventory tree of the coresponding host. This problem exists only if the rule Do hardware/software inventory is set for the compromised agent/host. We found this vulnerability internally. Affected Versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: If you are unable to patch you can disable inventory scanning for all hosts. Indicators of Compromise: You can check <code>var/check_mk/inventory/</code> for inventories with embedded HTML. This only indicates current 'attacks'. Previous attacks (where the agent does not output the payload anymore) are not discoverable after some time (caching). Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L</code> We assigned CVE-2024-5741 to this vulnerability. Changes: This Werk adds sanitation to the HTML output.

3 months, 1 week

[2.4.0] Checkmk Werk 16786 created: ldap_connection: empty failover_server list should be considered disabled

by Checkmk werks level 1

[//]: # (werk v2) # ldap_connection: empty failover_server list should be considered disabled key | value ---------- | --- date | 2024-06-04T14:45:47+00:00 version | 2.4.0b1 class | fix edition | cre component | rest-api level | 1 compatible | yes When configuring an LDAP connection via the REST-API, the default value for the field failover_servers is an empty list. This value on the backend should be considered disabled and just not set. Previously, we were saving an empty list to the ldap config which was causing an error in the UI.

3 months, 1 week

[2.4.0] Checkmk Werk 16246 created: Rittal temperature check regression

by Checkmk werks level 1

[//]: # (werk v2) # Rittal temperature check regression key | value ---------- | --- date | 2024-06-14T11:21:23+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes You're affected if you're using rittal temperature checks under 2.3.0. This regression exists since 2.3.0b1 and creates the following crash: ``` File "/omd/sites/YOURSITE/lib/python3/cmk/plugins/lib/temperature.py", line 319, in check_temperature raise ValueError (Cannot compute trend. Either specify both variables 'unique_name' and 'value_store' or none.) ```

3 months, 1 week

[2.2.0] Checkmk Werk 16432 created: cisco_temperature: Handle Invalid Device Readings

by Checkmk werks level 1

Title: cisco_temperature: Handle Invalid Device Readings Class: fix Compatible: compat Component: checks Date: 1718280849 Edition: cre Level: 1 Version: 2.2.0p28 Cisco SNMP devices may report temperatures of "inf" or "-inf". According to CISCO-ENTITY-SENSOR-MIB, these values are not valid. Previously, Checkmk would treat non-finite temperatures as valid. This invalid data would be written to <code>tmp/check_mk/counters/</code>, which then caused the <code>Check_MK</code> service to become UNKNOWN. Furthermore, the services on the host would become stale. With this Werk, the problematic values not persisted. Only the affected service state will be UNKNOWN. If you are affected, you can delete the corrupted counter file in <code>tmp/check_mk/counters/<host name></code>. To fix the readings reported by your device, please directly contact Cisco.

3 months, 1 week

[2.2.0] Checkmk Werk 16860 created: aws_ec2_summary: Update catalog documentation

by Checkmk werks level 1

Title: aws_ec2_summary: Update catalog documentation Class: fix Compatible: compat Component: checks Date: 1718028509 Edition: cre Level: 1 Version: 2.2.0p28

3 months, 1 week

[2.2.0] Checkmk Werk 16512 created: Restart scheduler after setting "use the status of a service"

by Checkmk werks level 1

Title: Restart scheduler after setting "use the status of a service" Class: fix Compatible: compat Component: core Date: 1718288461 Edition: cee Level: 1 Version: 2.2.0p28 This fixes the case where the default check scheduler would not restart after the user temporarily set "use the status of service" as the "host check command". The corresponding log entry was "refuse to schedule invalid jobhost ... at 1970-0101 ...".

3 months, 1 week

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1