openITCOCKPIT 3.7.1 released



Today we proudly released openITCOCKPIT 3.7.1.

With this release we resolve critical security vulnerabilities. Update your system soon!

Resolved Security Vulnerabilities

The team at RedFox InfoSec found and reported some critical security vulnerabilities in openITCOCKPIT.

The following issues are resolved by updating to openITCOCKPIT 3.7.1:

| ID | Impact | Vulnerability Summary |
| --- | --- | --- |
| RVID: 2-445b21 | High | An authenticated openITCOCKPIT user could be lured by an attacker to a compromised website to create a valid account in openITCOCKPIT. |
| RVID: 3-445b21 | High | XSS vulnerability in the 404 Not Found page. |
| RVID: 4-445b21 | Medium | Users with permissions to "Backup / Restore" could delete any files located at /opt/openitc/. |
| RVID: 5-445b21 | Medium | The detailed error output of the "Grafana Module" could be used by an attacker to collect information about other third-party web servers. |
| ITC-2170 | Low | • /hosts/ping.json allows the processing of any IP address • Invalid API keys can be generated • Authenticated Cross-Site Scripting on: /dashboards/dynamicDirective?directive=script%3Ealert(1);// |

Many thanks to RedFox InfoSec for reporting this!

Have you also discovered a security vulnerability? Please don't hesitate to contact us.

Improved container performance

We were able to identify and resolve a performance bottleneck for large systems with thousands of containers.

The following measurements were taken on a system with more than 2700 containers.

Container performance improved by a factor of more than 100.

Reduced number of requests fired by MapModule

We implemented an Updater Service for the MapModule which will fetch status information for different map items in one request.

This reduces the number of HTTP requests by over 95%.

Changes are available in the changelog.

How to Update

In one of our previous articles we described how to update an installation of openITCOCKPIT in detail. If you are already familiar with our update process, you can update to the new version in three easy steps:

tmux
sudo apt-get update
sudo apt-get dist-upgrade

Your openITCOCKPIT Team!