Описание
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zabbix | fixed | 1:7.0.0+dfsg-1 | package |
Примечания
https://support.zabbix.com/browse/ZBX-25016
https://github.com/zabbix/zabbix/commit/afb3ab931d59af61e4f974634b85bcbed5a042b2 (7.0.0rc3)
https://github.com/zabbix/zabbix/commit/679e18f172fc1f9a78b19789fbbc52246871ff19 (7.0.1rc1)
https://github.com/zabbix/zabbix/commit/e6acaef1df1db44aaa9c1a0e1953a4da21425636 (7.0.1rc1)
https://github.com/zabbix/zabbix/commit/182e1a9d96dcd82de337b31dc1cbbd6b4b619281 (6.4.16rc1)
https://github.com/zabbix/zabbix/commit/a2dad304083387b8597ef1d67394f285b105f614 (6.4.16rc1)
EPSS
Связанные уязвимости
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
Уязвимость компонента «Мониторинг хостов» универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код
EPSS