[ZBX-18057] Stored Cross Site Scripting attack on URL widget (CVE-2020-15803) - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Defect (Security)
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: 4.0.21rc1, 5.0.1rc1
Fix Version/s: 3.0.32rc1, 4.0.22rc1, 5.0.2rc1, 5.2.0alpha1, 5.2 (plan)
Component/s: Frontend (F)
Labels:
- security

Team:
Team B
Sprint:
Sprint 66 (Jul 2020)
Story Points:
1

Description

Add in to zabbix defines configuration to use iFrame sandbox parameter
1. On by default
2. Update documentation on https://www.zabbix.com/documentation/current/manual/installation/requirements/best_practices
Add sandbox parameter to URL widget iframe

As a separate change will be refactoring of definex.inc to allow user override defines without reset the values on update.

Attachments

Issue Links

causes

ZBXNEXT-82 support of 'local' config files

Closed

Activity

People

Assignee:: Mārtiņš Tālbergs (Inactive)

Reporter:: Rostislav Palivoda

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 2020 May 27 11:32

Updated:: 2021 Mar 08 16:19

Resolved:: 2020 Jul 18 20:20