[ZBX-13781] CRLF Injection in Zabbix Agentd Created: 2018 Feb 27 Updated: 2024 Apr 10 Resolved: 2018 Apr 27 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Agent (G) |
Affects Version/s: | 2.2.20, 2.2.21, 3.0.15, 3.4.7 |
Fix Version/s: | 2.2.22rc1, 3.0.17rc1, 3.0.17rc2, 3.4.9rc1, 3.4.9rc2, 4.0.0alpha6, 4.0 (plan) |
Type: | Problem report | Priority: | Critical |
Reporter: | Nguyen Tien Giang | Assignee: | Michael Veksler |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
All |
Attachments: | z2.PNG z3.PNG | ||||||||
Issue Links: |
|
||||||||
Team: | Team C | ||||||||
Team: | Team C | ||||||||
Sprint: | Sprint 31, Sprint 32 | ||||||||
Story Points: | 0.5 |
Description |
The problem happen in the item "web.page.get[]", which used to "get content of the http web page". |
Comments |
Comment by Glebs Ivanovskis (Inactive) [ 2018 Feb 27 ] |
Dear testanull, thank you for the report! Since it is a security-related issue, I will move the ticket to the internal project while we work on the fix so that the vulnerability cannot be exploited. Ticket will be moved back when a version with the fix is released. Hopefully you will get an email about this comment. |
Comment by Glebs Ivanovskis (Inactive) [ 2018 Apr 21 ] |
We are planning to release the fixed version on Monday. I suggest you wait until release, ticket was moved into public ZBX project a bit too early. |
Comment by Michael Veksler [ 2018 Apr 27 ] |
Available in:
|