CVE-2023-29453 — Code Injection in Zabbix-agent2
Severity: 9.8 CRITICAL (NVD)
EPSS: 0.6% (top 31.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 12
Description
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply…
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 3 packages
Vulnerability Details (3)
OSV
CVE-2023-29453: Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected (2023-10-12)
GHSA
GHSA-7374-hfgm-rm8v: Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected (2023-10-12)
Vendor Advisories (1)
Debian
CVE-2023-29453: zabbix - Templates do not properly consider backticks (`) as Javascript string delimiters... (2023)