Does the piggyback feature depend on any extra configuration - i.e. a whitelist of any kind?
If I have two hosts defined (in a multi-tenant check_mk), and a malicious actor configures host1’s check_mk agent to return
<<<<host2>>>> (i.e. they guessed or know the other hostname), isn’t that a security issue?
EDIT: of course, as soon as I posted, I found https://checkmk.com/check_mk-werks.php?werk_id=7245 . Is that the recommended mitigation?