mohabusama
commented
6 years ago Other plugins need to be checked as well.
Closed mohabusama closed 6 years ago
mohabusama
commented
6 years ago Other plugins need to be checked as well.
The safety check in jolokia can be circumvented and use can use it to send arbitrary POST requests.
https://github.com/zalando-zmon/zmon-worker/blob/master/zmon_worker_monitor/builtins/plugins/http.py#L258