[Git][security-tracker-team/security-tracker][master] CVE-2021-46088/zabbix <undetermined> - closed as a feature upstream

Mon Feb 14 11:43:57 GMT 2022


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76dc57b1 by Neil Williams at 2022-02-14T11:43:18+00:00
CVE-2021-46088/zabbix <undetermined> - closed as a feature upstream

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9189,7 +9189,11 @@ CVE-2021-46090
 CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
 	NOT-FOR-US: JeecgBoot
 CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...)
-	TODO: check
+	- zabbix <undetermined>
+	NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely
+	NOTE: https://github.com/paalbra/zabbix-zbxsec-7
+	NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command
+	NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions
 CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ...)
 	NOT-FOR-US: jfinal_cms
 CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The fron ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76dc57b1a22a2b554029c977389923e0500b3012

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76dc57b1a22a2b554029c977389923e0500b3012
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220214/99e7d624/attachment.htm>
