Werk #3743: mk_jolokia: Fix possible code injection

Component: Checks & agents
Title: mk_jolokia: Fix possible code injection
Date: Aug 25, 2016
Level: Trivial Change
Class: Security Fix
Compatibility: Incompatible - Manual interaction might be required
Checkmk versions & editions:
  1.4.0i1: Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
  1.2.8p10: Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

The plugin now requires either the json or simplejson Python library to work.

Python 2.6 or higher ships with json; in this case, the plugin will work just as before.

simplejson is available for Python 2.5 and higher; installing this package is required for the plugin to work.

Older Python versions are not supported. In these cases, please query your Jolokia instances from another host (recommended) or continue to use the old version of the plugin (not recommended).

In the absence of the json or simplejson Python libraries, the mk_jolokia plugin would previously try to parse the Jolokia response with Python's eval(), allowing a MITM attacker to inject arbitrary code.
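The difference between an eval() fallback and strict JSON parsing, shown as an added example that is not the plugin's own code. The function names and both response bodies are constructed for illustration, and the tampered body only calls a harmless standard-library function.

```python
# Import order described in this Werk: json first, then simplejson.
try:
    import json
except ImportError:
    import simplejson as json

# Constructed sample bodies, not captured from a real Jolokia agent.
GENUINE = '{"status": 200, "value": {"HeapMemoryUsage": {"used": 1048576}}}'
# Valid Python expression, invalid JSON. The call is harmless, but a result
# coming back proves the parser executed code supplied by the sender.
TAMPERED = '{"status": 200, "value": __import__("platform").python_implementation()}'


def parse_with_eval(body):
    """Assumed shape of the old fallback: the response is treated as Python source."""
    return eval(body)  # unsafe on anything received over the network


def parse_with_json(body):
    """Fixed behaviour: a JSON parser only builds data and never evaluates it."""
    try:
        obj = json.loads(body)
    except ValueError:  # JSONDecodeError is a ValueError subclass
        return None
    # Only accept a JSON object as a response.
    return obj if isinstance(obj, dict) else None


def compare(body):
    """Return (result via eval, result via json) for one response body."""
    return parse_with_eval(body), parse_with_json(body)


if __name__ == "__main__":
    for label, body in (("genuine", GENUINE), ("tampered", TAMPERED)):
        via_eval, via_json = compare(body)
        print(label, "| eval:", via_eval, "| json:", via_json)
```

Both parsers agree on the genuine body; on the tampered one, eval() returns the output of the injected call while the JSON parser rejects the body outright.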
