| Title | Fixed reflected XSS affecting agent updater AJAX calls |
| Checkmk Edition | Checkmk Enterprise Edition (CEE) |
| Compatibility | Compatible - no manual interaction needed |
When the hostname of a monitored agent is known, it could be used to exploit a reflected XSS vulnerability. Any user, authenticated or not, can issue such a request. The victim does not have to be authorized on the Check_MK application.