CVE-2021-46088

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-46088

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46088.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-46088

Downstream

UBUNTU-CVE-2021-46088

Withdrawn

2025-07-02T00:57:17.714544Z

Published

2022-01-27T16:15:07Z

Modified

2024-11-21T06:33:37Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user.

References

https://github.com/paalbra/zabbix-zbxsec-7

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type: GIT
Repo: https://github.com/zabbix/zabbix
Events: Introduced

9665d62db0e4b40f8fadbcf830e06530a0cc6935

Last affected

bf8d9f8abb3c25445cb98667cd1aade2aabc86bd