Bug 2281599 (CVE-2024-22120)

Summary: CVE-2024-22120 zabbix: command execution for configured scripts
Product: [Other] Security Response
Component: vulnerability
Reporter: ybuenos
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: high
Priority: high
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Bug Depends On: 2281600, 2281601, 2281602, 2281603

Description ybuenos 2024-05-20 07:28:34 UTC
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection.

https://support.zabbix.com/browse/ZBX-24505
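The defensive counterpart of the issue described above, as an added example that is not code from the original report or from Zabbix: a constructed audit-log writer that validates the clientip field as an IP address and binds it as a query parameter instead of concatenating it into the SQL text. Table name, column names and sample values are assumptions.

```python
import ipaddress
import sqlite3

# Constructed stand-in for an audit table with a "clientip" column.
# Assumption: this is not Zabbix's real schema or code.
SCHEMA = "CREATE TABLE auditlog (id INTEGER PRIMARY KEY, action TEXT, clientip TEXT)"


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def validate_clientip(value: str) -> str:
    """Return the canonical form of value if it parses as an IPv4/IPv6 address,
    otherwise raise ValueError. Anything beyond a bare address (quotes, spaces,
    SQL fragments) fails to parse and is rejected before it reaches the DB."""
    return str(ipaddress.ip_address(value.strip()))


def record_audit(conn: sqlite3.Connection, action: str, clientip: str) -> bool:
    """Write an audit row. Returns False (and writes nothing) when clientip is
    not a well-formed address. The value is bound as a parameter, so even a
    value that somehow slipped validation could not change the statement."""
    try:
        ip = validate_clientip(clientip)
    except ValueError:
        return False
    conn.execute("INSERT INTO auditlog (action, clientip) VALUES (?, ?)", (action, ip))
    conn.commit()
    return True


def stored_clientips(conn: sqlite3.Connection) -> list:
    """Constructed helper: clientip values in insertion order, for checking results."""
    return [row[0] for row in conn.execute("SELECT clientip FROM auditlog ORDER BY id")]
```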

Comment 1 ybuenos 2024-05-20 07:29:03 UTC
Created zabbix tracking bugs for this issue:

Affects: epel-all [bug 2281601]
Affects: fedora-all [bug 2281600]
Created zabbix40 tracking bugs for this issue:

Affects: epel-all [bug 2281602]
Created zabbix50 tracking bugs for this issue:

Affects: epel-7 [bug 2281603]