Loading...

XML

Word

Printable

Type: Defect (Security)
Resolution: Fixed
Priority: Minor
Fix Version/s: 3.0.27rc1, 4.0.7rc1, 4.2.1rc1, 4.4.0alpha1, 4.4 (plan)
Affects Version/s: 2.2.24rc1, 3.0.27rc1, 4.0.6rc1, 4.2.0rc2
Component/s: Frontend (F)
Labels:
- security

Sprint:
Sprint 50 (Mar 2019), Sprint 51 (Apr 2019)
Story Points:
0.25

Starting from version 3.0, Zabbix has login page without version number at page footer. That was done to avoid information leakage about potential vulnerabilities to unauthorized users.

Unfortunately, version number is included in jsLoader URL so unauthorized user can access it anyway.

part of

ZBX-9522 Frontend messaging on dashboard doesn't follow refresh period configuration.

Closed

Assignee:: Miks Kronkalns

Reporter:: Miks Kronkalns

Team:: Team B

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2019 Mar 25 17:33

Updated:: 2024 Apr 10 17:02

Resolved:: 2019 Apr 10 09:04

Details

Description

Attachments

Issue Links

Activity

People

Dates