Title: Fix XSS on SAML login screen
Class: security
Compatible: compat
Component: wato
Date: 1725549833
Edition: cee
Level: 1
Version: 2.2.0p34
Prior to Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 5.1 Medium (<code>CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N</code>) and assigned <code>CVE-2024-38860</code>.
[//]: # (werk v2)
# Fix XSS on SAML login screen
key | value
---------- | ---
date | 2024-09-05T15:23:53+00:00
version | 2.3.0p16
class | security
edition | cee
component | wato
level | 1
compatible | yes
Prior to Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.1 Medium (`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N`) and assigned `CVE-2024-38860`.
[//]: # (werk v2)
# Fix XSS on SAML login screen
key | value
---------- | ---
date | 2024-09-05T15:23:53+00:00
version | 2.4.0b1
class | security
edition | cee
component | wato
level | 1
compatible | yes
Prior to Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.1 Medium (`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N`) and assigned `CVE-2024-38860`.
Title: Persist known host keys for checks that use SSH
Class: security
Compatible: compat
Component: checks
Date: 1724662564
Edition: cre
Level: 1
Version: 2.1.0p48
When using the special agent <em>VNX quotas and filesystems</em> or the active check <em>Check SFTP Service</em> the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular <code>known_hosts</code> file is used that is stored in <code>/omd/sites/$SITENAME/.ssh/known_hosts</code>.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 6.3 Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned CVE-2024-6572.
Title: Persist known host keys for checks that use SSH
Class: security
Compatible: compat
Component: checks
Date: 1724662564
Edition: cre
Level: 1
Version: 2.2.0p33
When using the special agent <em>VNX quotas and filesystems</em> or the active check <em>Check SFTP Service</em> the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular <code>known_hosts</code> file is used that is stored in <code>/omd/sites/$SITENAME/.ssh/known_hosts</code>.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 6.3 Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned CVE-2024-6572.
Werk 17148 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Persist known host keys for checks that use SSH
key | value
---------- | ---
date | 2024-08-26T08:56:04+00:00
version | 2.3.0p15
class | security
edition | cre
component | checks
level | 1
compatible | yes
When using the special agent *VNX quotas and filesystems* or the active check *Check SFTP Service* the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular `known_hosts` file is used that is stored in `/omd/sites/$SITENAME/.ssh/known_hosts`.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 6.3 Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned CVE-2024-6572.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Persist known host keys for checks that use SSH
key | value
---------- | ---
date | 2024-08-26T08:56:04+00:00
- version | 2.3.0p14
? ^
+ version | 2.3.0p15
? ^
class | security
edition | cre
component | checks
level | 1
compatible | yes
When using the special agent *VNX quotas and filesystems* or the active check *Check SFTP Service* the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular `known_hosts` file is used that is stored in `/omd/sites/$SITENAME/.ssh/known_hosts`.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 6.3 Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned CVE-2024-6572.
Werk 17026 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix XSS in view page with SLA column
Class: security
Compatible: compat
Component: wato
Date: 1723724113
Edition: cee
Level: 1
Version: 2.1.0p48
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
<strong>Affected Versions</strong>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<strong>Indicators of Compromise</strong>:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
<strong>Vulnerability Management</strong>:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: <code>CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N</code>, and assigned <code>CVE-2024-38859</code>.
------------------------------------<diff>-------------------------------------------
Title: Fix XSS in view page with SLA column
Class: security
Compatible: compat
Component: wato
Date: 1723724113
Edition: cee
Level: 1
- Version: 2.1.0p47
? ^
+ Version: 2.1.0p48
? ^
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
<strong>Affected Versions</strong>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<strong>Indicators of Compromise</strong>:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
<strong>Vulnerability Management</strong>:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: <code>CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N</code>, and assigned <code>CVE-2024-38859</code>.
[//]: # (werk v2)
# Persist known host keys for checks that use SSH
key | value
---------- | ---
date | 2024-08-26T08:56:04+00:00
version | 2.3.0p14
class | security
edition | cre
component | checks
level | 1
compatible | yes
When using the special agent *VNX quotas and filesystems* or the active check *Check SFTP Service* the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular `known_hosts` file is used that is stored in `/omd/sites/$SITENAME/.ssh/known_hosts`.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 6.3 Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned CVE-2024-6572.