[ZBX-13260] Guest have access to script execution link Created: 2017 Aug 29 Updated: 2024 Apr 10 Resolved: 2017 Dec 27 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 4.0.0alpha1 |
Fix Version/s: | 3.0.14rc1, 3.2.11rc1, 3.4.5rc1, 4.0.0alpha1, 4.0 (plan) |
Type: | Defect (Security) | Priority: | Critical |
Reporter: | Natalja Romancaka | Assignee: | Miks Kronkalns |
Resolution: | Fixed | Votes: | 0 |
Labels: | scripts, security | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Team: | Team A |
Team: | Team A |
Sprint: | Sprint 19, Sprint 21, Sprint 22 |
Story Points: | 0.5 |
Description |
Guest can open script execution link, for example /scripts_exec.php?hostid=10084&scriptid=1 Thanks to vjaceslavs |
Comments |
Comment by Vjaceslavs Bogdanovs [ 2017 Oct 20 ] |
Permission checks should be added to scripts_exec.php. Can be done in a few hours (not more than 3). |
Comment by Miks Kronkalns [ 2017 Nov 22 ] |
RESOLVED in ^/branches/dev/ |
Comment by Miks Kronkalns [ 2017 Nov 22 ] |
(1) No translation string changes. vjaceslavs CLOSED |
Comment by Miks Kronkalns [ 2017 Nov 22 ] |
Removed v2.2 from 'Fix Version/s' because it is not affected. |
Comment by Miks Kronkalns [ 2017 Nov 28 ] |
Fixed:
|