Debian Zabbix vulnerabilities

122 known vulnerabilities affecting debian/zabbix.

Total CVEs: 122
CISA KEV: 2 (actively exploited)
Public exploits: 19
Exploited in wild: 2

Severity breakdown: CRITICAL 16, HIGH 23, MEDIUM 42, LOW 41

Vulnerabilities

Page 2 of 7
CVE-2024-22120 | CRITICAL | CVSS 9.1 | PoC | fixed in zabbix 1:6.0.29+dfsg-1 (forky) | 2024
[CRITICAL] CVE-2024-22120: zabbix - Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Scope: local. bookworm: open; bullseye: resolved; forky: resolved (fixed in 1:6.0.29+dfsg-1); sid: reso
Source: debian
CVE-2024-42330 | CRITICAL | CVSS 9.1 | fixed in zabbix 1:5.0.45+dfsg-1+deb11u1 (bullseye) | 2024
[CRITICAL] CVE-2024-42330: zabbix - The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.
Scope: local boo
Source: debian
CVE-2024-36466 | HIGH | CVSS 8.8 | fixed in zabbix 1:7.0.1+dfsg-1 (forky) | 2024
[HIGH] CVE-2024-36466: zabbix - A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
Scope: local. bookworm: open; bullseye: resolved; forky: resolved (fixed in 1:7.0.1+dfsg-1); sid: resolved (fixed in 1:7.0.1+dfsg-1); trixie: resolved (fixed in 1:7.0.1+dfsg-1)
Source: debian
CVE-2024-36467 | HIGH | CVSS 7.5 | fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye) | 2024
[HIGH] CVE-2024-36467: zabbix - An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+d
Source: debian
CVE-2024-45699 | HIGH | CVSS 7.5 | fixed in zabbix 1:5.0.46+dfsg-1+deb11u1 (bullseye) | 2024
[HIGH] CVE-2024-45699: zabbix - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's
Source: debian
CVE-2024-36460 | HIGH | CVSS 8.1 | fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye) | 2024
[HIGH] CVE-2024-36460: zabbix - The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:7.0.1+dfsg-1); sid: resolved (fixed in 1:7.0.1+dfsg-1); trixie: resolved (fixed in 1:7.0.1+dfsg-1)
Source: debian
CVE-2024-45700 | MEDIUM | CVSS 6.0 | fixed in zabbix 1:5.0.46+dfsg-1+deb11u1 (bullseye) | 2024
[MEDIUM] CVE-2024-45700: zabbix - Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.
Scope: local. bookworm: open; bullseye: resolved (fix
Source: debian
CVE-2024-22119 | MEDIUM | CVSS 5.5 | fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye) | 2024
[MEDIUM] CVE-2024-22119: zabbix - The cause of vulnerability is improper validation of form input field "Name" on Graph page in Items section.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:6.0.24+dfsg-1); sid: resolved (fixed in 1:6.0.24+dfsg-1); trixie: resolved (fixed in 1:6.0.24+dfsg-1)
Source: debian
CVE-2024-36463 | MEDIUM | CVSS 6.5 | fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye) | 2024
[MEDIUM] CVE-2024-36463: zabbix - The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:7.0.3+dfsg-1); sid: resolved (fixed in 1:7.0.3+dfsg-1); trixie: resolved (fixed in 1:7.0.3+dfsg-1)
Source: debian
CVE-2024-22114 | MEDIUM | CVSS 4.3 | fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye) | 2024
[MEDIUM] CVE-2024-22114: zabbix - User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:7.0.0+dfsg-1); sid: resolved (fixed in 1:7.0.0+dfsg-1); trixie: resolved (fixed in 1:7.0.0+dfsg-1)
Source: debian
CVE-2024-36468 | LOW | CVSS 3.0 | fixed in zabbix 1:7.0.3+dfsg-1 (forky) | 2024
[LOW] CVE-2024-36468: zabbix - The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved (fixed in 1:7.0.3+dfsg-1); sid: resolved (
Source: debian
CVE-2024-36465 | LOW | CVSS 8.6 | fixed in zabbix 1:7.0.9+dfsg-1 (forky) | 2024
[HIGH] CVE-2024-36465: zabbix - A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved (fixed in 1:7.0.9+dfsg-1); sid: resolved (fixed in 1:7.0.9+dfsg-1); trixie: resolved (fixed in 1:7.0.9+dfsg-1)
Source: debian
CVE-2024-22121 | LOW | CVSS 6.1 | 2024
[MEDIUM] CVE-2024-22121: zabbix - A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
Source: debian
CVE-2024-42328 | LOW | CVSS 3.3 | fixed in zabbix 1:7.0.5+dfsg-1 (forky) | 2024
[LOW] CVE-2024-42328: zabbix - When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.
Scope: local. bookworm: resolved; bullseye: resolved
Source: debian
CVE-2024-22122 | LOW | CVSS 3.0 | fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye) | 2024
[LOW] CVE-2024-22122: zabbix - Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u
Source: debian
CVE-2024-36464 | LOW | CVSS 2.7 | fixed in zabbix 1:5.0.45+dfsg-1+deb11u1 (bullseye) | 2024
[LOW] CVE-2024-36464: zabbix - When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.45+dfsg-1+deb11u
Source: debian
CVE-2024-42325 | LOW | CVSS 2.1 | fixed in zabbix 1:5.0.46+dfsg-1+deb11u1 (bullseye) | 2024
[LOW] CVE-2024-42325: zabbix - Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.46+dfsg-1+deb11u1); forky: resolved (fixed in 1:7.0.9+dfsg-1); sid: resolved (fixed in 1:7.0.9+dfsg-1); trixie: resolved (fixed in 1:7.0.9+dfsg-1)
Source: debian
CVE-2024-42326 | LOW | CVSS 4.4 | fixed in zabbix 1:7.0.5+dfsg-1 (forky) | 2024
[MEDIUM] CVE-2024-42326: zabbix - There was discovered a use after free bug in browser.c in the es_browser_get_variant function.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved (fixed in 1:7.0.5+dfsg-1); sid: resolved (fixed in 1:7.0.5+dfsg-1); trixie: resolved (fixed in 1:7.0.5+dfsg-1)
Source: debian
CVE-2024-42331 | LOW | CVSS 3.3 | fixed in zabbix 1:5.0.45+dfsg-1+deb11u1 (bullseye) | 2024
[LOW] CVE-2024-42331: zabbix - In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.
Scope: lo
Source: debian
CVE-2024-22123 | LOW | CVSS 2.7 | fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye) | 2024
[LOW] CVE-2024-22123: zabbix - Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.
Scope: local. bookwo
Source: debian