Title: Livestatus Injections
Class: security
Compatible: compat
Component: wato
Date: 1700066363
Edition: cre
Level: 1
Version: 2.3.0b1
Prior to this Werk it was possible to inject arbitrary Livestatus commands into the core via
the WebUI.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 7.6 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H</tt>.
We assigned CVE-2023-6156 and CVE-2023-6157 to these vulnerabilities.
<b>Changes</b>:
This Werk strips the relevant parameters of newlines.
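
Why newline stripping closes this class of bug, as an added example that is not Checkmk's own code: Livestatus requests are line-based, so a line break inside a parameter starts a new header line. All function names and the sample value are hypothetical, and removing both CR and LF is an assumption (the Werk only says "newlines").

```python
"""Added example: newline stripping for values placed into a Livestatus query.

Livestatus queries are line-based: one header per line, and an empty line
ends the request. Function and variable names here are hypothetical.
"""


def strip_newlines(value: str) -> str:
    # Assumption: both CR and LF are removed; the Werk only says "newlines".
    return value.replace("\r", "").replace("\n", "")


def build_query_unstripped(host_name: str) -> str:
    # Pattern before the fix: the parameter reaches the query text unchanged.
    return f"GET hosts\nColumns: name state\nFilter: name = {host_name}\n\n"


def build_query(host_name: str) -> str:
    # Pattern after the fix: the parameter can only occupy its own line.
    return build_query_unstripped(strip_newlines(host_name))


def request_lines(query: str) -> list[str]:
    # Lines the core reads as the first request (everything up to the blank line).
    first_request = query.split("\n\n", 1)[0]
    return first_request.split("\n")


# Constructed sample value with an embedded line break.
SAMPLE = "web01\nFilter: state = 0"

if __name__ == "__main__":
    # Unstripped: the value contributes a header line of its own (4 lines).
    print(request_lines(build_query_unstripped(SAMPLE)))
    # Stripped: the value stays inside the single Filter line (3 lines).
    print(request_lines(build_query(SAMPLE)))
```
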