Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.
References
| Link | Resource |
|---|---|
| https://support.zabbix.com/browse/ZBX-25013 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Dec 2024, 16:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://support.zabbix.com/browse/ZBX-25013 - Vendor Advisory | |
| First Time |
Zabbix zabbix
Zabbix |
|
| CPE | cpe:2.3:a:zabbix:zabbix:7.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha8:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha7:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha9:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:7.0.0:beta3:*:*:*:*:*:* |
Information
Published : 2024-08-12 13:38
Updated : 2024-12-10 16:32
NVD link : CVE-2024-22123
Mitre link : CVE-2024-22123
CVE.ORG link : CVE-2024-22123
JSON object : View
Products Affected
zabbix
- zabbix
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')