[ZBX-13133] Multiple security issues in frontend
Created: 2017 Dec 04  Updated: 2024 Apr 10  Resolved: 2017 Dec 04

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 2.2.20, 3.0.13, 3.2.10, 3.4.4, 4.0.0alpha1
Fix Version/s: 2.2.21rc1, 3.0.13, 3.2.10, 3.4.4, 4.0.0alpha1

Type: Incident report
Priority: Trivial
Reporter: Miks Kronkalns
Assignee: Miks Kronkalns
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate: is duplicated by ZBX-10272, URL Redirect (Closed)
Team: Team A

 Description   

Multiple security issues in frontend:

  1. Inclusive Phishing through URL Redirection
  2. Database Error Pattern / Application Error reveals Internal Server Paths
  3. Requests vulnerable to Cross-Site Request Forgery
  4. UI Redress Attack (Clickjacking)
  5. Content sniffing not disabled
  6. Strict Transport Security is not enforced
  7. Browser cross-site scripting filter misconfiguration


 Comments   
Comment by Miks Kronkalns [ 2017 Dec 04 ]

Fixed:

  • 2.2.21rc1 r75343
  • 3.0.13rc1 r75345
  • 3.2.10rc1 r75353
  • 3.4.4rc1 r75349
  • 4.0.0alpha1 (trunk) r75351