Werk #14291: NagVis: Updated to 1.9.34 (Fix security issues)
| Title | NagVis: Updated to 1.9.34 (Fix security issues) |
| Date | Aug 29, 2022 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk Version | 2.2.0b1, 2.1.0p11, 2.0.0p28, 1.6.0p30 |
| Compatibility | Compatible - no manual interaction needed |
This update of NagVis fixes the following security issues:
1. Fix SSRF (triggerable by admin users)
An administrative user with access to the global options could perform a server-side request forgery.
2. Fix arbitrary file read
An authenticated attacker can read arbitrary files with the permissions of the web server user.
3. Fix type juggling vulnerability in cookie hash processing
An attacker could bypass the authentication and gain access to the NagVis component of Checkmk.
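
The bug class named in item 3, as an added example that is not NagVis or Checkmk code: a loose PHP comparison of a cookie hash beside a type-checked, constant-time one. The cookie layout `user|expiry|hash`, `DEMO_SECRET` and all function names are assumptions made for illustration, and the two digests at the end are constructed.

```php
<?php
declare(strict_types=1);

// Assumed secret and cookie layout "user|expiry|hash" (illustration only).
const DEMO_SECRET = 'constructed-demo-secret';

function expectedHash(string $user, string $expiry): string
{
    return hash_hmac('sha256', $user . '|' . $expiry, DEMO_SECRET);
}

// Weak form: == lets PHP coerce the operands, so two different strings
// that both look like numbers are compared by numeric value.
function looseMatch(string $expected, $supplied): bool
{
    return $expected == $supplied;
}

// Hardened form: insist on a string, then compare byte for byte in
// constant time. No coercion takes place.
function strictMatch(string $expected, $supplied): bool
{
    return is_string($supplied) && hash_equals($expected, $supplied);
}

// Returns the user name for a valid, unexpired cookie, otherwise null.
function verifyCookie(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expiry, $hash] = $parts;
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    return strictMatch(expectedHash($user, $expiry), $hash) ? $user : null;
}

// Constructed digests: different strings, both numeric in exponent form.
$stored   = '0e123456789012345678901234567890';
$supplied = '0e000000000000000000000000000000';
var_dump(looseMatch($stored, $supplied), strictMatch($stored, $supplied));

// A well-formed cookie verifies; the same cookie with another user does not.
$good = 'alice|2000000000|' . expectedHash('alice', '2000000000');
var_dump(verifyCookie($good, 1700000000));
var_dump(verifyCookie(str_replace('alice', 'admin', $good), 1700000000));
```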