[ZBX-17600] Zabbix remote code execution vulnerability (CVE-2020-11800) Created: 2020 Apr 15  Updated: 2024 Apr 10  Resolved: 2020 Apr 20

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: None
Affects Version/s: 3.0.30
Fix Version/s: 3.0.31rc1

Type: Defect (Security) Priority: Blocker
Reporter: Rostislav Palivoda (Inactive) Assignee: Andris Mednis
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
Team: Team A
Sprint: Sprint 63 (Apr 2020)
Story Points: 0.5

 Description   

Fixed security vulnerability CVE-2020-11800 (remote code execution).

Thanks to FU CHUANG for discovering and reporting this vulnerability!

Affected:

  • Zabbix 3.2 (end of support)
  • Zabbix 3.0 up to 3.0.30
  • Zabbix 2.2.x after 2.2.18 (end of support)

Fixed:

  • Zabbix 3.0.31

Not affected:

  • Zabbix 3.4, 4.0, 5.0

 Comments   
Comment by Andris Mednis [ 2020 Apr 17 ]

Available in versions:

Comment by Stoyan Stoyanov [ 2020 May 07 ]

Is the issue present in both the server and the agent?

Comment by Andris Mednis [ 2020 May 07 ]

As far as we know - remote code can be executed only on server.

Generated at Sun Jun 08 07:57:22 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.