Welcome to docs.opsview.com

This is an old revision of the document!

This page lists known issues for this version of Opsview:

Security Patch

As reported by Piotr Karolak of Trustwave's SpiderLabs a security vulnerability was identified that has the potential to allow unauthenticated access to the file system of an Opsview Monitor system by issuing a specially crafted HTTP GET request.

Opsview have created a patch to resolve this security vulnerability which can be easily applied to your Opsview Monitor system. In order to do so you will need to follow the steps listed below:

First of all you will need to download the patch and Dashboard file here https://s3-eu-west-1.amazonaws.com/opsview-patches/cve-patches-4x-5x-dashboard.tgz

On your Opsview Monitor system, as the *nagios* user, locate the directory containing the files to be patched:

$ find /opt/opsview/work/ -name Dashboard.pm

$ /opt/opsview/work/par-6e6167696f73/cache-6b70f1ad4fabaaf533b1e2d06dfeea687c47a070/inc/lib/Opsview/Web/Controller/Dashboard.pm

Change directory to the one that contains lib/ directory

$ cd /opt/opsview/work/par-6e6167696f73/cache-6b70f1ad4fabaaf533b1e2d06dfeea687c47a070/inc

Apply the patch

$ patch -p1 < /path/to/cve-patch-4.6.patch

Replace the dashboard file

$ cp /path/to/Dashboard.pm-4.6 lib/Opsview/Web/Controller/Dashboard.pm

Restart Opsview

/etc/init.d/opsview-web restart

The patch will now have been successfully applied to your Opsview Monitor system.

This is fixed in Opsview version:

Other known issues