Werk #10885: check_sftp: Fix possible command injection from the WATO configuration
Komponente | Checks & agents |
Titel | check_sftp: Fix possible command injection from the WATO configuration |
Datum | 09.04.2020 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 1.6.0p12 |
Level | Kleine Änderung |
Klasse | Sicherheitsfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
User which are permitted to configure the active check check_sftp via WATO could inject commands to Checkmk. These were executed on the Checkmk server the rule was applied on with the permissions of the Checkmk site user.