Werk #6615: Fixed unauthorized access to master control actions
Component | User interface |
Title | Fixed unauthorized access to master control actions |
Date | Sep 14, 2018 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0p36 1.5.0p5 1.6.0b1 |
Level | Prominent Change |
Class | Security Fix |
Compatibility | Compatible - no manual interaction needed |
As an authenticated guest user it was possible to gain unauthorized access to the master control snapin actions event if it is not possible to open the master control snapin. The vulnerability could be used to disable the complete monitoring or trigger other actions like disabling notifications.