-
Defect (Security)
-
Resolution: Fixed
-
Trivial
-
None
-
1.5
Currently the HOST.CONN macro is used in the Ping script (a global script), but it can be used to inject another script into Ping like so:
- Setting host IP to {$MACRO}
- Setting macro to "127.0.0.1; cat /etc/zabbix/zabbix_server.conf"
Zabbix server should perform validation of the expanded HOST.CONN macro and not execute the global script if the macro is expanded into something that is not an IP / domain name.
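The check requested above, sketched as an added example (not code from this issue or from the Zabbix source): the expanded value is accepted only if it parses as an IPv4/IPv6 address or is a syntactically valid DNS name. The function names `is_dns_name` and `host_conn_is_valid` are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: 1 if s is a syntactically valid DNS name
 * (letters, digits, '-', '.'; labels 1..63 chars, no leading/trailing '-'). */
static int is_dns_name(const char *s)
{
    size_t len = strlen(s), label = 0, i;
    if (len == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        char c = s[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;            /* empty label or label ending in '-' */
            label = 0;
        } else if (alnum || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;
        } else {
            return 0;                /* ';', space, '{', '$', '/', leading '-' */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Hypothetical gate: 1 = value may be passed to the script, 0 = refuse. */
int host_conn_is_valid(const char *value)
{
    unsigned char addr[16];          /* large enough for an IPv6 address */
    if (value == NULL)
        return 0;
    if (inet_pton(AF_INET, value, addr) == 1 ||
        inet_pton(AF_INET6, value, addr) == 1)
        return 1;
    return is_dns_name(value);
}

int main(void)
{
    /* Constructed inputs; the second is the macro value from the report. */
    const char *in[] = { "127.0.0.1", "127.0.0.1; cat /etc/zabbix/zabbix_server.conf" };
    for (int i = 0; i < 2; i++)
        printf("%-48s %s\n", in[i], host_conn_is_valid(in[i]) ? "run" : "refuse");
    return 0;
}
```

The allow-list also refuses an unexpanded `{$MACRO}` and any value beginning with `-`, which a command-line tool could otherwise read as an option.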