Werk #13066: Fix path traversal vulnerability

Name: checkmk
Rating: 4.7 (114 reviews)

Component

Setup

Title

Fix path traversal vulnerability

Date

Jul 23, 2021

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.1.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p9	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0p25	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

An authenticated user was able to enumerate the filesystem, accessible to the siteuser. No file contents were disclosed.