Werk #6615: Fixed unauthorized access to master control actions

Component

User interface

Title

Fixed unauthorized access to master control actions

Date

Sep 14, 2018

Level

Prominent Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.5.0p5	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0p36	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

As an authenticated guest user it was possible to gain unauthorized access to the master control snapin actions event if it is not possible to open the master control snapin. The vulnerability could be used to disable the complete monitoring or trigger other actions like disabling notifications.

To the list of all Werks