A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution. The vulnerability allowed an administrator with restricted permissions to execute arbitrary code via the Ping script in the Monitoring Hosts section, potentially compromising the infrastructure.
The vulnerability, which had a CVSS score of 9.9, was discovered by justonezero, a security researcher who submitted the report through the HackerOne bug bounty platform. Zabbix has acknowledged and thanked justonezero for their contribution to the platform’s security.
https://cybersecuritynews.com/zabbix-se ... erability/