Download

Werk #13719: Remove report element "Paragraph of text fetched via HTTP(s)"

Komponente Reporting & availability
Titel Remove report element "Paragraph of text fetched via HTTP(s)"
Datum 09.02.2022
Checkmk Edition Checkmk Enterprise (CEE)
Checkmk-Version 2.0.0p20 2.1.0b1
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Inkompatibel - Manuelle Interaktion könnte erforderlich sein

In previous versions one could add text from foreign websites into reports. Paragraph of text fetched via HTTP(s) The functionality was very limited since no parsing was done. This functionality broke with version 2.0.0.

Additionally this could enable a malicious actor to retrieve sensitive information from systems accessible to the Checkmk server (SSRF). Therefore the functionality is removed.

Existing report elements of type Paragraph of text fetched via HTTP(s) will be converted to Paragraph of text elements with text refering to the URL. Unfortunately no macros will be resolved.

Zur Liste aller Werks

Überzeugen Sie sich selbst

Testen Sie Checkmk jetzt.

Raw Edition herunterladen Kostenloses Open-Source-Monitoring
Play with Checkmk Checkmk ohne Installation ausprobieren
checkmk_conference_10.png

Das Highlight des Jahres: Vom 11. - 13. Juni 2024 kommt die Checkmk Community in München zusammen.

Register now