Today we proudly released the next version of openITCOCKPIT 3.7.1.
With this release we resolve critical security vulnerabilities. Update your system soon!
The team of RedFox InfoSec found and reported some critical Security Vulnerabilities within openITCOCKPIT.
The following issues will be resolved by updating to openITCOCKPIT 3.7.1
|High||CVE-2019-15491||ITC-2166||An authenticated openITCOCKPIT User could be lured by an attacker to a compromised website to create a valid account in openITCOCKPIT.|
|High||CVE-2019-10227||ITC-2167||XSS vulnerability in the 404 Not found page.|
Everything passed to
|Medium||CVE-2019-15493||ITC-2168||Users with permissions to "Backup / Restore" could delete any files located at
|Medium||CVE-2019-15494||ITC-2169||The detailed error output of the "Grafana Module" could be used by an attacker to collect information about third party other web servers.|
Many thanks to RedFox InfoSec for reporting this!
Have you also discovered a security breach? Please don't hesitate to contact us.
We were able to identify and resolve a performance bottleneck for large systems with thousands of containers.
The following measurements were done on a system with more than 2700 containers.
Container performance got improved by more than 100 times.
We implemented an Updater Service for the MapModule which will fetch status information for different map items in one request.
This allows to reduce the amount of HTTP requests by over 95%.
In one of our previous articles we described how to update an installation of openITCOCKPIT in detail. If you are already familiar with our update process, you can update to the new version in three easy steps:
tmux sudo apt-get update sudo apt-get dist-upgrade
Your openITCOCKPIT Team!