Werk #982: Fix two XSS weaknesses according to CVSS 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C

Component User interface
Title Fix two XSS weaknesses according to CVSS 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C
Date 27.05.2014
Checkmk Edition Checkmk Raw (CRE)
Checkmk version 1.2.5i4
Level Major change
Class Security fix
Compatibility Compatible - no manual intervention required

This fixes the following issue:

The check_mk application is susceptible to reflected XSS attacks. This is mainly the result of improper output encoding. Reflected XSS can be triggered by sending a malicious URL to a user of the check_mk application. Once the XSS attack is triggered, the attacker has access to the full check_mk (and nagios) application with the access rights of the logged-in victim.

The fix applies to the following functions:

htmllib.py: render_status_icons()
actions.py: ajax_action()
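The root cause named above is output encoding, so the following added example (not Checkmk's own code, and not taken from htmllib.py or actions.py) shows the pattern in isolation: a status-icon renderer that interpolates a request-supplied title straight into markup, next to a hardened version that escapes the value for the HTML attribute context before it is emitted. The function names, the markup template and the sample input are constructed for illustration.

```python
import html

# Constructed sample input standing in for a value taken from the request
# (e.g. a query parameter reflected into the page). The closing quote and
# the <b> tag are enough to show whether the renderer preserves the attribute
# boundary or lets the value break out of it.
UNTRUSTED_TITLE = '"><b>injected</b>'


def render_status_icon_unsafe(title: str) -> str:
    """'Before' pattern: raw interpolation, the request value lands in markup as-is."""
    return '<img class="icon" title="%s">' % title


def render_status_icon(title: str) -> str:
    """Hardened pattern: escape for the HTML attribute context.

    quote=True makes html.escape() encode both " and ' in addition to &, < and >,
    which is what keeps the value inside the title="..." attribute.
    """
    return '<img class="icon" title="%s">' % html.escape(title, quote=True)


def attribute_boundary_broken(rendered: str) -> bool:
    """Defender-side check: does the rendered fragment contain a raw <b> tag
    that the template itself never emits? If so, untrusted input became markup."""
    return "<b>" in rendered


if __name__ == "__main__":
    for fn in (render_status_icon_unsafe, render_status_icon):
        out = fn(UNTRUSTED_TITLE)
        print("%-26s broken=%s  %s" % (fn.__name__, attribute_boundary_broken(out), out))
```

The same escaping rule applies to any server-side handler (including AJAX endpoints) that builds HTML from request data: encode at the point of output for the context the value is inserted into, rather than trying to filter the input.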
