Werk #18187: NagVis: Updated to 1.9.47

Component

Other components

Title

NagVis: Updated to 1.9.47

Date

May 23, 2025

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.5.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0p3	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p33	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p43	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

NagVis has been updated to version 1.9.47.

This update contains fixes for the following security issues:

potential XSS via WYSIWYG editor:

CVE-2024-47090
rated with CVSS score 5.1 Medium (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

possible livestatus injection via dynmaps:

CVE-2024-38866
rated with CVSS score 5.7 Medium (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L)

See also https://www.nagvis.org/downloads/changelog/1.9.47.

Both issues were discovered during internal review.

Affected Checkmk versions: