Werk #6614: Fixed reflected XSS affecting agent updater AJAX calls
| Component | Agent bakery | ||||||
| Title | Fixed reflected XSS affecting agent updater AJAX calls | ||||||
| Date | Sep 14, 2018 | ||||||
| Level | Trivial Change | ||||||
| Class | Security Fix | ||||||
| Compatibility | Compatible - no manual interaction needed | ||||||
| Checkmk versions & editions |
|
When the hostname of a monitored agent is known, this could be used to exploit a reflected XSS vulnerability. Every unauthenticated or authenticated user can issue a request like this. The victim does not have to be authorized on the Check_MK application