openITCOCKPIT Blog

openITCOCKPIT 3.7.1 released

21.05.2019

Today we proudly released openITCOCKPIT 3.7.1.

This release resolves critical security vulnerabilities. Update your system as soon as possible!

Resolved Security Vulnerabilities

The team at RedFox InfoSec found and reported several critical security vulnerabilities in openITCOCKPIT.

The following issues are resolved by updating to openITCOCKPIT 3.7.1.

Impact | CVE ID         | Ticket   | Vulnerability Summary
High   | CVE-2019-15491 | ITC-2166 | Cross-site request forgery (CSRF): an authenticated openITCOCKPIT user lured by an attacker to a compromised website could unknowingly create a valid account in openITCOCKPIT.
High   | CVE-2019-10227 | ITC-2167 | Cross-site scripting (XSS) in the "404 Not Found" page.
High   | CVE-2019-15490 | ITC-2164 | Everything passed to command_line, including macros such as $USER1$ and $ARG1$, is executed verbatim by the monitoring engine, so a user who may edit command definitions can effectively run arbitrary commands on the monitoring host. This is the default behavior of Nagios and Naemon.
Medium | CVE-2019-15493 | ITC-2168 | Users with the "Backup / Restore" permission could delete any file located under /opt/openitc/.
Medium | CVE-2019-15494 | ITC-2169 | The detailed error output of the "Grafana Module" could be used by an attacker to collect information about other, third-party web servers.
Low    | CVE-2019-15492 | ITC-2170 | Three minor issues:
  • /hosts/ping.json accepts arbitrary IP addresses
  • Invalid API keys can be generated
  • Authenticated cross-site scripting at /dashboards/dynamicDirective?directive=script%3Ealert(1);//
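The ITC-2164 row above describes the Nagios/Naemon convention that a command_line is expanded by plain textual macro substitution and then handed to a shell. The following model, added here as an illustration and not code from openITCOCKPIT, Nagios or Naemon, shows why an unvalidated $ARG1$ value is enough to run extra commands, and what a front end that stores check arguments on a user's behalf can do about it. It assumes a POSIX /bin/sh and /bin/echo; the command_line, macro names and argument values are constructed for the example.

```python
"""Model of Nagios/Naemon-style command_line expansion and execution.

Added example, not openITCOCKPIT's, Nagios's or Naemon's own code. Assumes a
POSIX /bin/sh and /bin/echo; all sample values below are constructed.
"""
import re
import shlex
import subprocess

MACRO_RE = re.compile(r"\$([A-Z0-9_]+)\$")


def expand_macros(command_line: str, macros: dict) -> str:
    """Plain textual substitution of $NAME$ macros, as the engine does.

    Unknown macros are left untouched. Nothing is quoted or validated:
    the result is later handed to a shell exactly as produced here.
    """
    return MACRO_RE.sub(lambda m: macros.get(m.group(1), m.group(0)), command_line)


def run_check(command_line: str, macros: dict) -> str:
    """Expand the macros, run the result through /bin/sh, return its stdout."""
    expanded = expand_macros(command_line, macros)
    proc = subprocess.run(
        ["/bin/sh", "-c", expanded], capture_output=True, text=True, timeout=5
    )
    return proc.stdout


def quote_args(macros: dict) -> dict:
    """Hardened variant: shell-quote every $ARGn$ value before substitution.

    This is the kind of step a front end can take before the engine ever
    sees the arguments; the engine itself performs no quoting.
    """
    return {
        name: (shlex.quote(value) if re.fullmatch(r"ARG\d+", name) else value)
        for name, value in macros.items()
    }


# Constructed sample: $USER1$ is the plugin directory, the "plugin" is echo.
COMMAND_LINE = "$USER1$/echo $ARG1$"

# Constructed sample: an argument carrying a shell metacharacter.
UNSAFE_MACROS = {"USER1": "/bin", "ARG1": "localhost; echo INJECTED"}


if __name__ == "__main__":
    print("raw substitution:   ", repr(run_check(COMMAND_LINE, UNSAFE_MACROS)))
    print("quoted substitution:", repr(run_check(COMMAND_LINE, quote_args(UNSAFE_MACROS))))
```

With raw substitution the expanded line is `/bin/echo localhost; echo INJECTED`, so the second command runs and "INJECTED" appears in the output; with the quoted variant the whole value is a single argument and is merely echoed back. Two caveats: quoting only works where the command_line uses an $ARGn$ macro as a complete argument, and it does nothing against a user who is allowed to edit the command_line itself, which is why editing command definitions must remain a privileged permission.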

Many thanks to RedFox InfoSec for reporting this!

Have you also discovered a security vulnerability? Please don't hesitate to contact us.

Improved container performance

We identified and resolved a performance bottleneck on large systems with thousands of containers.

The measurements were taken on a system with more than 2,700 containers.

Container performance improved by a factor of more than 100.

Reduced number of requests fired by the MapModule

We implemented an Updater Service for the MapModule that fetches the status information for all map items in a single request instead of one request per item.

This reduces the number of HTTP requests by over 95%.

Changes are available in the changelog.

How to Update

In one of our previous articles we described how to update an installation of openITCOCKPIT in detail. If you are already familiar with our update process, you can update to the new version in three easy steps:

tmux                       # run the upgrade inside tmux so a dropped SSH session cannot interrupt it
sudo apt-get update        # refresh the package lists
sudo apt-get dist-upgrade  # install openITCOCKPIT 3.7.1 and its dependency updates

Your openITCOCKPIT Team!