[ZBX-13781] CRLF Injection in Zabbix Agentd Created: 2018 Feb 27 Updated: 2024 Apr 10 Resolved: 2018 Apr 27 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Agent (G) |
| Affects Version/s: | 2.2.20, 2.2.21, 3.0.15, 3.4.7 |
| Fix Version/s: | 2.2.22rc1, 3.0.17rc1, 3.0.17rc2, 3.4.9rc1, 3.4.9rc2, 4.0.0alpha6, 4.0 (plan) |
| Type: | Problem report | Priority: | Critical |
| Reporter: | Nguyen Tien Giang | Assignee: | Michael Veksler |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
All |
||
| Attachments: |
z2.PNG
z3.PNG
|
||||||||
| Issue Links: |
|
||||||||
| Team: | Team C | ||||||||
| Team: |  Team C |
||||||||
| Sprint: | Sprint 31, Sprint 32 | ||||||||
| Story Points: | 0.5 | ||||||||
| Description |
|
The problem happen in the item "web.page.get[]", which used to "get content of the http web page". |
| Comments |
| Comment by Glebs Ivanovskis (Inactive) [ 2018 Feb 27 ] |
|
Dear testanull, thank you for the report! Since it is a security-related issue, I will move the ticket to the internal project while we work on the fix so that the vulnerability cannot be exploited. Ticket will be moved back when a version with the fix is released. Hopefully you will get an email about this comment. |
| Comment by Glebs Ivanovskis (Inactive) [ 2018 Apr 21 ] |
|
We are planning to release the fixed version on Monday. I suggest you wait until release, ticket was moved into public ZBX project a bit too early. |
| Comment by Michael Veksler [ 2018 Apr 27 ] |
|
Available in:
|
