[2.2.0] Checkmk Werk 15194 adapted: Fix command injection via RestAPI / Password Store

Werk 15194 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Fix command injection via RestAPI / Password Store Class: security Compatible: compat Component: core Date: 1690985970 Edition: cre Knowledge: doc Level: 1 State: unknown Version: 2.2.0p8 Prior to this Werk, users with the permissions to (a) use the RestAPI, (b) create passwords in the password store, and (c) create active checks were able to run arbitrary commands on the site. This issue was found during internal code review. <b>Affected Versions</b>: LI: 2.0.0 LI: 2.1.0 LI: 2.2.0 prior to version 2.2.0p4 Note that at the point of publishing this Werk and fix, the current version 2.2.0 was already not affected by this issue anymore, as the issue was already mitigated by Werk #15889. <b>Indicators of Compromise</b>: Check the password store for passwords with unusual identifiers, review add-password events in the audit log. <b>Vulnerability Management</b>: We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</tt>. We have assigned CVE <tt>CVE-2023-31209</tt>. <b>Changes</b>: This Werk adds proper sanitization of the affected parameter on core commands. ------------------------------------<diff>------------------------------------------- Title: Fix command injection via RestAPI / Password Store Class: security Compatible: compat Component: core Date: 1690985970 Edition: cre Knowledge: doc Level: 1 State: unknown - Version: 2.2.0p4 ? ^ + Version: 2.2.0p8 ? ^ Prior to this Werk, users with the permissions to (a) use the RestAPI, (b) create passwords in the password store, and (c) create active checks were able to run arbitrary commands on the site. This issue was found during internal code review. <b>Affected Versions</b>: LI: 2.0.0 LI: 2.1.0 LI: 2.2.0 prior to version 2.2.0p4 Note that at the point of publishing this Werk and fix, the current version 2.2.0 was already not affected by this issue anymore, as the issue was already mitigated by Werk #15889. <b>Indicators of Compromise</b>: Check the password store for passwords with unusual identifiers, review add-password events in the audit log. <b>Vulnerability Management</b>: We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</tt>. We have assigned CVE <tt>CVE-2023-31209</tt>. <b>Changes</b>: This Werk adds proper sanitization of the affected parameter on core commands. -