Werk #3743: mk_jolokia: Fix possible code injection

Component Checks & agents
Title mk_jolokia: Fix possible code injection
Date Aug 25, 2016
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 1.2.8p10 1.4.0i1
Level Trivial Change
Class Security Fix
Compatibility Incompatible - Manual interaction might be required

The plugin now requires either the json or simplejson python library to work.

Python 2.6 or higher ships with json, in this case, the plugin will work just as before.

simplejson is available for Python 2.5 and higher, installation of this package is required for the plugin to work.

Older python versions are not supported, please query your Jolokia instances from another host in these cases (recommended) or continue to use the old version of the plugin. (not recommended)

In absence of the json or simplejson python libraries, the mk_jolokia plugin would previously try to parse the Jolokia response with python eval(), allowing a MITM attacker to inject arbitrary code.

To the list of all Werks