Werk #18638: Tightening crash report permissions
| Component | Setup | ||
| Title | Tightening crash report permissions | ||
| Date | Nov 10, 2025 | ||
| Level | Trivial Change | ||
| Class | Security Fix | ||
| Compatibility | Compatible - no manual interaction needed | ||
| Checkmk versions & editions |
|
As of this change Checkmk will restrict additional information related to crash reports.
This update will now require users to have the general.see_crash_reports in order to see the following information:
- Render any information other than the ID about a crash report within the GUI interface. These pages would be displayed at Monitor > System > Crash reports > Crash report: \<Crash Report ID>. Previously, a user would be displayed a rendered exception on the page with no additional information.
- See details about the exception in the Exc. coloumn on the Monitor > System > Crash reports page.
- Get a detailed crash report on RestAPI request failures. A user without this permission will now be limited to the basic exception raised and the crash report ID.
These changes are part of our ongoing improvements to the overall security of Checkmk. Therefore,
this security werk is issued with a CVSS score of 0.0 None
(CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N).