Описание
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zabbix | fixed | 1:6.0.23+dfsg-1 | package | |
| zabbix | not-affected | bullseye | package | |
| zabbix | not-affected | buster | package |
Примечания
https://support.zabbix.com/browse/ZBX-23854
https://github.com/zabbix/zabbix/commit/89e0cd6ea93a097671d6bcfbfa674047a3096b26 (6.0.22rc1)
report_manager introduced with: https://github.com/zabbix/zabbix/commit/a06a08111546081e8256267bc0062cbd74dc3309 (6.0.0alpha1)
EPSS
Связанные уязвимости
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Уязвимость файла cookie zbx_session универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии
EPSS