
CVE-2023-1768: Linux agent: Handle failing symmetric encryption

Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.


Component: Checks & agents

Title: Linux agent: Handle failing symmetric encryption

Date: Mar 31, 2023

Checkmk Edition: Checkmk Raw (CRE)

Checkmk Version: 2.3.0b1, 2.1.0p26, 2.0.0p35, 2.2.0b3

Level: Trivial Change

Class: Security Fix

Compatibility: Compatible - no manual interaction needed

Prior to this Werk the symmetric encryption of agent data (if configured) would fail silently if the option "Run agent as non-root user (Linux)" was also set, since these two options are not compatible. As a result, agent output would be sent unencrypted.

If symmetric encryption is configured, but failing, the agent will now abort immediately and transmit a message about the failure as the only output.
This will then be reported at the Check_MK Agent service of the host, alongside a CRIT status.
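
The difference between the old and new behaviour, as an added shell sketch that is not Checkmk's agent code: every function name, the sample sections and the failure message are constructed for illustration, and `send_fail_open` is only a model of "fails silently and sends plaintext", not the actual defect.

```shell
#!/bin/sh
# Added illustration; NOT Checkmk agent code. All names are hypothetical.

FAIL_MSG='agent-error: symmetric encryption failed, no data sent'  # constructed text

# Constructed sample of plaintext agent sections.
collect_sections() {
    printf '<<<check_mk>>>\nVersion: sample\n<<<df>>>\n/dev/sda1 ext4 100 50 50 50%% /\n'
}

# Stand-ins for the encryption step. encrypt_ok is an opaque hex transform,
# not real encryption; encrypt_fail models a step that cannot run.
encrypt_ok()   { od -An -tx1 | tr -d ' \n'; }
encrypt_fail() { cat >/dev/null; return 1; }

# Fail-open model: exit status discarded, empty result replaced by plaintext.
send_fail_open() {
    out=$(collect_sections | "$1" 2>/dev/null) || true
    if [ -n "$out" ]; then printf '%s\n' "$out"; else collect_sections; fi
}

# Fail-closed: on any encryption failure, emit only the failure message.
send_fail_closed() {
    plain=$(collect_sections)
    if enc=$(printf '%s\n' "$plain" | "$1" 2>/dev/null) && [ -n "$enc" ]; then
        printf '%s\n' "$enc"
    else
        printf '%s\n' "$FAIL_MSG"
        return 1
    fi
}

# Receiver-side check: does the payload carry a plaintext section header?
contains_plaintext() { grep -qF '<<<check_mk>>>'; }

# Demo: run both variants against the failing encryption step.
for mode in send_fail_open send_fail_closed; do
    if "$mode" encrypt_fail | contains_plaintext; then
        echo "$mode: plaintext sections sent"
    else
        echo "$mode: no plaintext sections sent"
    fi
done
```

The same `contains_plaintext` test can be applied to output captured from a host that is supposed to encrypt: a `<<<check_mk>>>` header in that payload means the data is arriving unencrypted.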

Affected Versions:

  • 2.2.0 (beta)
  • 2.1.0
  • 2.0.0
  • 1.6.0 (EOL)

Vulnerability Management: We have rated the issue with a CVSS score of 3.7 (Low) with the following CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. We have assigned CVE-2023-1768.
