Checkmk werks level1

checkmk-werks-lvl1@lists.checkmk.com

1 participants
15984 discussions

Check_MK Werk 6595: if.include: Recognize duplicate interface items correctly

by Simon Betz

ID: 6595 Title: if.include: Recognize duplicate interface items correctly Component: Checks & agents Level: 1 Class: Bug fix Version: 1.6.0i1 The recognition works correct but not in the following situation where the wrong network interface data is checked. <ul> <li><tt>Use desciption</tt> or <tt>use alias</tt> is configured in the ruleset <tt>Network Interface and Switch Port Discovery</tt>.</li> <li>Two or more network interfaces exist with same description or alias.</li> <li>Only one network interface with this description or alias is discovered.</li> <li>The discovered network interface does not rank first.</li> </ul> Now the index is attached if an alias or description exists at least twice.

6 years

Check_MK Werk 6625: Fixed possible failed mkbackup because of changed mknotifyd state file

by Lars Michelsen

ID: 6625 Title: Fixed possible failed mkbackup because of changed mknotifyd state file Component: Core & setup Level: 1 Class: Bug fix Version: 1.6.0i1 The mknotifyd used specific names for a temporary file which was not excluded by the mkbackup mechanism. When a backup was performed while the mknotifyd wrote it's state file, the backup could fail with an exception like this: OSError: [Errno 2] No such file or directory: \'/omd/sites/int_ma_5351/var/log/mknotifyd.state.new\'

6 years

Check_MK Werk 6597: netapp_api_vs_traffic: Fixed pending services

by Simon Betz

ID: 6597 Title: netapp_api_vs_traffic: Fixed pending services Component: Checks & agents Level: 1 Class: Bug fix Version: 1.6.0i1 The netapp_api_vs_traffic service always shows <tt>Traffic vServer NAME PEND - Cannot compute check result: No time difference</tt> This is caused because the counter key which is used in get_rate function is not unique if multiple protocols are found.

6 years

Check_MK Werk 6565: Fixed possible XSS issues in Bookmarks snapin

by Lars Michelsen

ID: 6565 Title: Fixed possible XSS issues in Bookmarks snapin Component: Multisite Level: 1 Class: Security fix Version: 1.6.0i1 We've discovered and fixed several possible XSS issues affecting the Bookmarks snapin. These could be used to execute arbitrary javascript code in the context of an authenticated user.

6 years

Check_MK Werk 6609: Fixed possible XSS on SNMP MIB upload page

by Lars Michelsen

ID: 6609 Title: Fixed possible XSS on SNMP MIB upload page Component: WATO Level: 1 Class: Security fix Version: 1.6.0i1 Using MIB files with specific names it was possible to trigger an XSS on the MIB file administration page which only affected admin users.

6 years

Check_MK Werk 6566: Fixed possible XSS on agent update status views

by Lars Michelsen

ID: 6566 Title: Fixed possible XSS on agent update status views Component: agents Level: 1 Class: Security fix Version: 1.6.0i1 Parts of the agent deployment status could be used to trigger XSS injections.

6 years

Check_MK Werk 6567: Fixed possible XSS on activate changes page

by Lars Michelsen

ID: 6567 Title: Fixed possible XSS on activate changes page Component: WATO Level: 1 Class: Security fix Version: 1.6.0i1 It was possible to trigger an XSS issue using the change messages in some situations.

6 years

Check_MK Werk 6568: Fixed possible XSS on custom icon management page

by Lars Michelsen

ID: 6568 Title: Fixed possible XSS on custom icon management page Component: WATO Level: 1 Class: Security fix Version: 1.6.0i1 Using icons with specific names it was possible to trigger an XSS on the icon administration page which only affected admin users.

6 years

Check_MK Werk 6611: Fixed multiple reflected XSS attacks using AJAX calls

by Lars Michelsen

ID: 6611 Title: Fixed multiple reflected XSS attacks using AJAX calls Component: WATO Level: 1 Class: Security fix Version: 1.6.0i1 Several AJAX calls with invalid content type setting could be used to trigger XSS attacks.

6 years

Check_MK Werk 6615: Fixed unauthorized access to master control actions

by Lars Michelsen

ID: 6615 Title: Fixed unauthorized access to master control actions Component: Multisite Level: 2 Class: Security fix Version: 1.6.0i1 As an authenticated guest user it was possible to gain unauthorized access to the master control snapin actions event if it is not possible to open the master control snapin. The vulnerability could be used to disable the complete monitoring or trigger other actions like disabling notifications.

6 years

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1