13. 05. 2021 Mattia Codato Bug Fixes, ITOA, NetEye

Bug Fixes for NetEye 4.17

We fixed two security vulnerabilities related to the web interface.
They were related to the cross-site request forgery attack and the clickjacking attack.
Both are used to induce users to perform actions that they do not intend to perform by hiding the NetEye web interface under some eye-catching pages or with some malicious links sent for example by email.

More information on how the vulnerabilities work can be found here:

Furthermore, we fixed a bug related to the users SSO in the ITOA module. When the users belonged to teams of different organizations, the teams were not correctly assigned.

For NetEye 4.17 we updated the following packages:

  • httpd-neteye-config and httpd-neteye-config-autosetup to version 1.9.1-1
  • icingaweb2-module-analytics and icingaweb2-module-analytics-autosetup to version 1.38.1-1
Mattia Codato

Mattia Codato

Software Developer - IT System & Service Management Solutions at Würth Phoenix

Author

Mattia Codato

Software Developer - IT System & Service Management Solutions at Würth Phoenix

Latest posts by Mattia Codato

18. 12. 2024 Automation, Development, DevOps
GitOps: Push vs Pull? Choosing the Right Approach for Production Deployments
02. 12. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.38
25. 11. 2024 ctf-writeups, Events
WP CTF 2024: Another Successful Edition!
14. 11. 2024 Bug Fixes
NetEye 4 – Security Advisory
24. 10. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.38
See All

Related Content

Tags: ,

10. 01. 2025 Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We have resolved an issue that prevented Elastic Agents from successfully connecting to the Fleet Server when their requests were excessively large. Additionally, we addressed a bug in the neteye update and neteye upgrade processes, which was incorrectly initiating a Read More
07. 01. 2025 Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We fixed a bug which was causing Elastic Agents to disconnect themselves at regular intervals from Fleet. We updated the following packages: elastic-agent, elastic-agent-autosetup, elastic-agent-neteye-config, filebeat, filebeat-autosetup, filebeat-neteye-config, logstash, logstash-neteye-config, logstash-autosetup, logstash-neteye-config-autosetup, kibana, kibana-autosetup, kibana-neteye-config, elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack-license to Read More
20. 12. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We fixed a bug which was causing the Elasticsearch upgrade procedure to fail in a race condition. In particular, after the upgrade of the Elasticsearch RPM and before the restart of the service, the running Elasticsearch service could possibly fail Read More
20. 12. 2024 Automation, Development, NetEye

When Less is More: NetEye Update and Upgrade Checkpoints

Hello everyone! Today, I'd like to briefly discuss an improvement to the update and upgrade procedures that we've started to adopt with NetEye 4.39! What we wanted to improve One aspect that made quite an impact was that whenever the Read More
19. 12. 2024 Automation, Development, NetEye

NetEye Install and Upgrades: Moving to a Parallel Architecture

Hello everyone! Today, I’d like to share an exciting improvement we’ve made to the installation and upgrade procedures in NetEye, introducing a faster and more efficient parallel architecture! Why Modernize the Installation and Upgrade Processes? At Würth Phoenix, we strive Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive