漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server
Vulnerability Description
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator leaks data for hosts they do not have access to. A fix has been released that makes the built in Zabbix JavaScript objects read-only, but please be advised that usage of global JavaScript variables is not recommended because their content could be leaked. More information <a href='https://www.zabbix.com/documentation/7.4/en/manual/installation/known_issues#preprocessing-global-variables-are-unsafe'>in Zabbix documentation</a>.
CVSS Information
N/A
Vulnerability Type
对错误会话暴露数据元素
Vulnerability Title
Zabbix 安全漏洞
Vulnerability Description
Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix存在安全漏洞,该漏洞源于JavaScript环境重用不当,可能导致非超级管理员泄露其无权访问的主机数据。
CVSS Information
N/A
Vulnerability Type
N/A