Werk #6614: Fixed reflected XSS affecting agent updater AJAX calls
Component | Agent bakery | ||||||
Title | Fixed reflected XSS affecting agent updater AJAX calls | ||||||
Date | Sep 14, 2018 | ||||||
Level | Trivial Change | ||||||
Class | Security Fix | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
When the hostname of a monitored agent is known, this could be used to exploit a reflected XSS vulnerability. Every unauthenticated or authenticated user can issue a request like this. The victim does not have to be authorized on the Check_MK application