Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-17
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
Products | Debian_linux, Zabbix |
Type | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html
• https://support.zabbix.com/browse/ZBX-10272 • https://support.zabbix.com/browse/ZBX-13133 • https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html |