CVE-2023-29456 — Improper Input Validation in Zabbix

CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

CNA5.7

EPSS

0.2%

top 63.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Zabbix Frontend

Timeline

PublishedJul 13

Description

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶Debianzabbix/zabbix< 1:5.0.44+dfsg-1+deb11u1+2

▶CVEListV5zabbix/zabbix4.0.0 — 4.0.46+4

▶NVDzabbix/frontend4.0.0 — 4.0.46+3

Patches

Patch: support.zabbix.com ↗Patch: support.zabbix.com ↗

🔴Vulnerability Details

GHSA

GHSA-q598-p9hw-59vj: URL validation scheme receives input from a user and then parses it to identify its various components↗2023-07-13

▶

CVEList

Inefficient URL schema validation↗2023-07-13

▶

OSV

CVE-2023-29456: URL validation scheme receives input from a user and then parses it to identify its various components↗2023-07-13

▶

📋Vendor Advisories

Debian

CVE-2023-29456: zabbix - URL validation scheme receives input from a user and then parses it to identify ...↗2023

▶