Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18692

Value of secret macro can be exposed in the frontend

XMLWordPrintable

    • Icon: Documentation task Documentation task
    • Resolution: Fixed
    • Icon: Trivial Trivial
    • 5.4 (plan)
    • 5.0.5, 5.2.0, 5.2.1
    • Documentation (D)
    • None
    • Team D
    • Sprint 71 (Dec 2020)

      Steps to reproduce:

      1. Create a host
      2. create a secret macro on that host:
        1. Name: {$PASS}
        2. Value: MySecretPassword
      3. create item:
        1. Name: exposure
        2. Type: externalcheck
        3. Key: exposure.sh[\{$PASS}]
        4. Type of information: text
      4. create script /usr/lib/zabbix/externalscripts/exposure.sh
      5. Profit!

      script:

       

      #!/bin/bash
echo "$1"

       

       

      Since the script will be executed by the server, the secret value is available and can be used. With the simple echo statement, it will be made visible in the frontend....

        1. Exposure.PNG
          Exposure.PNG
          5 kB

            martins-v Martins Valkovskis
            brian.baekel Brian van Baekel
            Team D
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: