From mk at mathias-kettner.de Tue Jan 31 13:37:36 2017 From: mk at mathias-kettner.de (Mathias Kettner) Date: Tue, 31 Jan 2017 13:37:36 +0100 (CET) Subject: Check_MK Werk 8585: Fix permission: normal users were allowed to manage MKPs - not anymore Message-ID: <20170131123736.B98ED845D3@mail.mathias-kettner.de> ID: 8585 Title: Fix permission: normal users were allowed to manage MKPs - not anymore Component: WATO Level: 2 Class: Security Fix Version: 1.2.9i1 The new MKP manager module in WATO was preconfigured in a way that a normal monitoring user could manage MKP packages. This is considered as a bug and now only the admin role is allowed to manage packages. From lm at mathias-kettner.de Tue Jan 31 13:37:53 2017 From: lm at mathias-kettner.de (Lars Michelsen) Date: Tue, 31 Jan 2017 13:37:53 +0100 (CET) Subject: Check_MK Werk 8467: Fixed two stored XSS issues on the report scheduler page Message-ID: <20170131123753.B8D508458D@mail.mathias-kettner.de> ID: 8467 Title: Fixed two stored XSS issues on the report scheduler page Component: Reporting Level: 1 Class: Security Fix Version: 1.2.9i1 From lm at mathias-kettner.de Tue Jan 31 13:37:56 2017 From: lm at mathias-kettner.de (Lars Michelsen) Date: Tue, 31 Jan 2017 13:37:56 +0100 (CET) Subject: Check_MK Werk 8463: MKP Manager: Fixed possible HTML/JS injection from installed MKPs Message-ID: <20170131123757.6387984670@mail.mathias-kettner.de> ID: 8463 Title: MKP Manager: Fixed possible HTML/JS injection from installed MKPs Component: WATO Level: 1 Class: Security Fix Version: 1.2.9i1