Werk #16990: NagVis: Updated to 1.9.42 (fix security issues)

Component Other components
Title NagVis: Updated to 1.9.42 (fix security issues)
Date Jul 10, 2024
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.4.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p10 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p31 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p46 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

NagVis has been updated to version 1.9.42.

This update fixes the following security issues: - Fix various XSS issues (CVSS score: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) - Fix potential RCE - Fix insecure password hashing algorithm for dedicated NagVis users (CVSS score 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) - Fix leak of installation path in error messages - Fix Make cookie hash comparison timing safe

To the list of all Werks