CVE-2024-22116

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22116
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22116.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-22116
Downstream
Published
2024-08-12T13:38:15Z
Modified
2025-09-24T12:23:47.486829Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
11b4728fed8d43dcaea1fb061bc66903bc1a614c
Last affected
2ece7509fa634b1a5a2300fc743f595dcf783924
Last affected
5da045b87956adeab639bf0b3d71f8c99a664233
Last affected
6a0cc01bda00a30dba89b5ce4b32929393e0b523
Last affected
6c4616adff77b12e9e208c55257522f9a3cd8430
Last affected
721b0012b82edad4dd6617b0e2aa934611cc8cec
Last affected
72e3519b849b54011cc7792669fbcc629eb502c9
Last affected
78774f702f8d222235c6e5a8b27db9490386c2e9
Last affected
8880b5094a533ea929452b4aebf021914df01eb8
Last affected
9bc845eca94c33485e68b46e5884a9ff6beb31cc
Last affected
aef542ad8aef472874199012f9b2350db16dc7ee
Last affected
b6bea25de214bef475bcb907f27f68d4457d55b1
Last affected
c3509cfd591f127fe28406d4a266e02f3e84a18b
Last affected
cf4c50ece539d86f04d88401045c703b5ae4cfe9

Affected versions

6.*

6.0.0
6.0.0alpha1
6.0.0alpha2
6.0.0alpha3
6.0.0alpha4
6.0.0alpha5
6.0.0alpha6
6.0.0alpha7
6.0.0beta1
6.0.0beta2
6.0.0beta3
6.0.0rc1
6.0.0rc2

7.*

7.0.0alpha1
7.0.0alpha2
7.0.0alpha3
7.0.0alpha4
7.0.0alpha6
7.0.0alpha7
7.0.0alpha8
7.0.0alpha9
7.0.0beta1
7.0.0beta2
7.0.0beta3