Werk #8881: Fix possible XSS issue on "confirm failed notifications" page
Component | User interface |
Title | Fix possible XSS issue on "confirm failed notifications" page |
Date | 04.09.2019 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk version | 1.6.0b9, 2.0.0i1 |
Level | Minor change |
Class | Security fix |
Compatibility | Compatible - no manual intervention required |
Using a manipulated notification script or notification destination system, it was possible to inject JavaScript code into the "confirm failed notifications" page.
To protect users from this potential issue, you could remove the permission for viewing the failed notifications from the users' roles.