Werk #17342: Redact site secret in info logs of automation calls

Component: Setup
Title: Redact site secret in info logs of automation calls
Date: Nov 20, 2024
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions:

  • 2.4.0b1: Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
  • 2.3.0p22: Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
  • 2.2.0p37: Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

If the log level of Automation calls is set to Informational, automation calls are logged including the site secret.

With this Werk the secret is redacted.

This issue was found during internal review.
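
One way to redact a secret before a log line is written, shown as an added example that is not Checkmk's own fix: a Python `logging` filter that masks the value after the message has been formatted, so a secret passed through the log call's arguments is caught as well. The `secret` key name, the logger name and the sample calls are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumption: the secret appears under a "secret" key, either in a mapping
# repr ('secret': '...') or in key=value text (secret=...).
SENSITIVE_KEYS = ("secret",)
MASK = "[redacted]"
_PATTERN = re.compile(
    r"""(?P<key>['"]?\b(?:%s)\b['"]?\s*[=:]\s*)(?P<q>['"]?)(?P<val>[^'"&\s,}]+)(?P=q)"""
    % "|".join(map(re.escape, SENSITIVE_KEYS)),
    re.IGNORECASE,
)


def redact_text(text: str) -> str:
    """Replace the value of every sensitive key, keeping key and quoting."""
    return _PATTERN.sub(lambda m: f"{m['key']}{m['q']}{MASK}{m['q']}", text)


class RedactSecrets(logging.Filter):
    """Mask secrets after %-formatting so values hidden in args are covered."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_text(record.getMessage())
        record.args = None  # the message is already fully formatted
        return True


def demo() -> str:
    """Log constructed automation calls at INFO and return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactSecrets())
    log = logging.getLogger("example.automation")  # hypothetical logger name
    log.handlers[:] = [handler]
    log.setLevel(logging.INFO)
    log.propagate = False
    # Constructed sample data, not real Checkmk log output.
    params = {"command": "ping", "secret": "s3cr3t-SITE-value", "debug": "0"}
    log.info("Executing automation call to %s with vars: %r", "remote1", params)
    log.info("POST automation.py?command=ping&secret=%s", "s3cr3t-SITE-value")
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Attaching the filter to the handler rather than to a single logger means every record written through that handler is masked, whichever logger produced it.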

Affected Versions:

  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.0 (EOL)

Mitigations:

Set the log level to Warning or higher.

Vulnerability Management:

We have rated the issue with a CVSS Score of 5.7 Medium (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) and assigned CVE-2024-47094.
