Werk #6614: Fixed reflected XSS affecting agent updater AJAX calls
Component | Agent bakery |
Title | Fixed reflected XSS affecting agent updater AJAX calls |
Date | 14.09.2018 |
Checkmk Edition | Checkmk Enterprise (CEE) |
Checkmk Version | 1.4.0p36 1.5.0p5 1.6.0b1 |
Level | Minor change |
Class | Security fix |
Compatibility | Compatible - no manual intervention required |
An attacker who knows the hostname of a monitored agent could use it to exploit a reflected XSS vulnerability in the agent updater AJAX calls. Any user, authenticated or not, can issue such a request. The victim does not have to be authorized on the Check_MK application.