Download

Werk #17145: Information leak in mknotifyd

Komponente Notifications
Titel Information leak in mknotifyd
Datum 15.07.2024
Level Kleine Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen
Checkmk versions & editions
2.4.0b1 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p18 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p36 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p49 Checkmk Enterprise (CEE), Checkmk MSP (CME)

When a notification context is sent to mknotifyd a "result message" is generated by mknotifyd and sent back so the original site so it can show if there were problems handling that notification. This result message could contain secrets that were not meant to be sent to remote sites, e.g. passwords/secrets.

These secrets were not processed by the remote site but a rough site would have been able to retrieve these.

This issue was found during internal review.

Affected Versions:

  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.0 (EOL)

Vulnerability Management:

We have rated the issue with a CVSS Score of 5.3 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) and assigned CVE-2024-6747.

Zur Liste aller Werks

Überzeugen Sie sich selbst

Testen Sie Checkmk jetzt.

Raw Edition herunterladen Kostenloses Open-Source-Monitoring
Play with Checkmk Checkmk ohne Installation ausprobieren