Werk #6614: Fixed reflected XSS affecting agent updater AJAX calls
Component | Agent bakery |
Title | Fixed reflected XSS affecting agent updater AJAX calls |
Date | Sep 14, 2018 |
Checkmk Edition | Checkmk Enterprise (CEE) |
Checkmk Version | 1.4.0p36 1.5.0p5 1.6.0b1 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
When the hostname of a monitored agent is known, this could be used to exploit a reflected XSS vulnerability. Every unauthenticated or authenticated user can issue a request like this. The victim does not have to be authorized on the Check_MK application