Werk #3297: Fixes possible XSS in views sidebar snapin

Component User interface
Title Fixes possible XSS in views sidebar snapin
Date Mar 21, 2016
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
1.4.0i1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.2.8b8 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Authenticated and permitted users could create views using a topic that might contain HTML code, for example script tags, which was executed when the view was listed in the views snapin.

Getting the JS code executed by other users is only possible with the view publish permission, which normally only admin users have.
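
The class of bug described above, as an added example that is not Checkmk's own code: a topic list rendered with and without output escaping, plus an audit helper for finding saved views whose topic contains markup. The view structure, function names and URL layout are assumptions made for illustration.

```python
import html
import urllib.parse
from collections import defaultdict

# Constructed sample data (hypothetical structure): saved views with a
# user-supplied topic. The second topic carries markup, as the werk describes.
SAMPLE_VIEWS = [
    {"name": "allhosts", "title": "All hosts", "topic": "Hosts"},
    {"name": "myview", "title": "My view", "topic": "<script>alert(1)</script>"},
]


def group_by_topic(views):
    """Group views under their topic, the way a sidebar list is laid out."""
    topics = defaultdict(list)
    for view in views:
        topics[view["topic"]].append(view)
    return sorted(topics.items(), key=lambda item: item[0])


def render_snapin(views, escape=True):
    """Render the topic list as HTML.

    escape=False reproduces the pre-fix behaviour (topic written as-is);
    escape=True HTML-escapes every user-controlled string on output.
    """
    esc = html.escape if escape else (lambda text: text)
    out = []
    for topic, entries in group_by_topic(views):
        out.append("<h3>%s</h3><ul>" % esc(topic))
        for view in entries:
            href = "view.py?view_name=" + urllib.parse.quote(view["name"], safe="")
            out.append('<li><a href="%s">%s</a></li>' % (esc(href), esc(view["title"])))
        out.append("</ul>")
    return "".join(out)


def views_with_markup_in_topic(views):
    """Audit helper: names of saved views whose topic changes when escaped."""
    return [v["name"] for v in views if html.escape(v["topic"]) != v["topic"]]


if __name__ == "__main__":
    print(render_snapin(SAMPLE_VIEWS, escape=False))
    print(render_snapin(SAMPLE_VIEWS))
    print(views_with_markup_in_topic(SAMPLE_VIEWS))
```

The audit helper also flags harmless topics containing `&` or quotes, so its output is a review list rather than a verdict.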
