Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18692

Value of secret macro can be exposed in the frontend

    XMLWordPrintable

    Details

    • Type: Documentation task
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 5.0.5, 5.2.0, 5.2.1
    • Fix Version/s: 5.4 (plan)
    • Component/s: Documentation (D)
    • Labels:
      None
    • Team:
      Team D
    • Sprint:
      Sprint 71 (Dec 2020)

      Description

      Steps to reproduce:

      1. Create a host
      2. create a secret macro on that host:
        1. Name: {$PASS}
        2. Value: MySecretPassword
      3. create item:
        1. Name: exposure
        2. Type: externalcheck
        3. Key: exposure.sh[\{$PASS}]
        4. Type of information: text
      4. create script /usr/lib/zabbix/externalscripts/exposure.sh
      5. Profit!

      script:

       

      #!/bin/bash
      echo "$1"
      

       

       

      Since the script will be executed by the server, the secret value is available and can be used. With the simple echo statement, it will be made visible in the frontend....

        Attachments

        1. Exposure.PNG
          5 kB
          Aleksandrs Pahomovs

          Activity

            People

            Assignee:
            martins-v Martins Valkovskis
            Reporter:
            brian.baekel Brian van Baekel
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: