Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18692

Value of secret macro can be exposed in the frontend

    XMLWordPrintable

Details

    • Documentation task
    • Status: Closed
    • Trivial
    • Resolution: Fixed
    • 5.0.5, 5.2.0, 5.2.1
    • 5.4 (plan)
    • Documentation (D)
    • None
    • Team D
    • Sprint 71 (Dec 2020)

    Description

      Steps to reproduce:

      1. Create a host
      2. create a secret macro on that host:
        1. Name: {$PASS}
        2. Value: MySecretPassword
      3. create item:
        1. Name: exposure
        2. Type: externalcheck
        3. Key: exposure.sh[\{$PASS}]
        4. Type of information: text
      4. create script /usr/lib/zabbix/externalscripts/exposure.sh
      5. Profit!

      script:

       

      #!/bin/bash
      echo "$1"
      

       

       

      Since the script will be executed by the server, the secret value is available and can be used. With the simple echo statement, it will be made visible in the frontend....

      Attachments

        Activity

          People

            martins-v Martins Valkovskis
            brian.baekel Brian van Baekel
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: