Werk #17998: Add option to configure trust between central and remote site
Component | User interface
Title | Add option to configure trust between central and remote site
Date | Sep 19, 2025
Level | Trivial Change
Class | Security Fix
Compatibility | Compatible - no manual interaction needed
Checkmk versions & editions |
Remote sites could perform cross-site scripting (XSS) attacks against the central site by injecting malicious HTML code into service outputs.
To mitigate this, we introduce a new attribute on site connections that defines whether the remote site is fully trusted.
If a remote site is not trusted, the central site escapes the service output regardless of what is otherwise configured for that remote site.
By default, every remote site with configuration sync enabled is trusted (in MSE, only provider-owned sites are trusted), since configuration sync already transfers sensitive information (e.g. passwords, local user password hashes). You can change this value in Setup > General > Distributed monitoring > Edit site connection.
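As an added illustration of the rule described above (not Checkmk's own code), the following models the effective escaping decision and audits a constructed list of site connections for sites whose output would still reach the central UI unescaped. The `SiteConnection` dataclass and its field names are assumptions, not Checkmk's real configuration keys.

```python
from __future__ import annotations

import html
from dataclasses import dataclass


@dataclass(frozen=True)
class SiteConnection:
    # Hypothetical shape of a site connection; the field names are assumptions,
    # not Checkmk's actual configuration keys.
    site_id: str
    config_sync: bool
    trusted: bool               # the new per-connection trust attribute
    escape_plugin_output: bool  # the pre-existing per-site output-escaping setting


def must_escape(site: SiteConnection) -> bool:
    """Untrusted sites are always escaped; trusted sites follow their own setting."""
    return (not site.trusted) or site.escape_plugin_output


def render_service_output(site: SiteConnection, raw_output: str) -> str:
    """What the central UI would emit for a service output received from `site`."""
    return html.escape(raw_output, quote=True) if must_escape(site) else raw_output


def sites_rendering_raw_html(sites: list[SiteConnection]) -> list[str]:
    """Audit helper: remote sites whose service output would be rendered unescaped."""
    return [s.site_id for s in sites if not must_escape(s)]


# Constructed sample connections: one trusted site with escaping disabled,
# one untrusted site with escaping disabled, one trusted site that keeps escaping on.
SAMPLE_SITES = [
    SiteConnection("hq_trusted", config_sync=True, trusted=True, escape_plugin_output=False),
    SiteConnection("branch_untrusted", config_sync=False, trusted=False, escape_plugin_output=False),
    SiteConnection("dc_trusted_escaped", config_sync=True, trusted=True, escape_plugin_output=True),
]

# Constructed service output containing markup, as a remote site could send it.
SAMPLE_OUTPUT = 'WARN - <b>disk</b> 91% used - <a href="#">details</a>'

if __name__ == "__main__":
    for site in SAMPLE_SITES:
        print(site.site_id, "->", render_service_output(site, SAMPLE_OUTPUT))
    print("Sites rendering raw HTML:", sites_rendering_raw_html(SAMPLE_SITES))
```

Only `hq_trusted` ends up in the audit list: it is the one connection where the trust flag lets the per-site escaping setting apply, so the markup in the sample output is emitted verbatim.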
We thank Lisa Gnedt (SBA Research) for reporting this issue.
Setups affected:
All distributed setups in which a remote site might be compromised by some party.
Affected Versions:
- 2.4.0
- 2.3.0
- 2.2.0
- 2.1.0 (EOL)
Vulnerability Management:
We have rated the issue with a CVSS Score of 8.5 High (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) and assigned CVE-2025-39663.