Werk #13067: Fix path traversal vulnerability

Name: checkmk
Rating: 4.7 (114 reviews)

Component

Setup

Title

Fix path traversal vulnerability

Date

Aug 16, 2021

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.1.0b1	Checkmk Community, Checkmk Pro, Checkmk Ultimate MT
2.0.0p10	Checkmk Community, Checkmk Pro, Checkmk Ultimate MT
1.6.0p26	Checkmk Community, Checkmk Pro, Checkmk Ultimate MT

An authenticated user was able to enumerate files ending with ".csv" on the filesystem, accessible to the siteuser.