Debian Zabbix vulnerabilities

122 known vulnerabilities affecting debian/zabbix.

Total CVEs: 122
CISA KEV: 2 (actively exploited)
Public exploits: 19
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 23, MEDIUM 42, LOW 41

Vulnerabilities

Page 3 of 7
CVE-2024-42333 [LOW] CVSS 2.7 (2024). Fixed in zabbix 1:5.0.45+dfsg-1+deb11u1 (bullseye).
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out-of-bounds read in src/libs/zbxmedia/email.c.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.45+dfsg-1+deb11u1); forky: resolved (fixed in 1:7.0.5+dfsg-1); sid: resolved (fixed in 1:7.0.5+dfsg-1); trixie: resolved (fixed in 1:7.0.5+dfsg-1).
Source: debian
CVE-2024-22117 [LOW] CVSS 2.2 (2024). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map e
Source: debian
CVE-2024-36462 [HIGH] CVSS 7.5 (2024). Fixed in zabbix 1:7.0.1+dfsg-1 (forky).
Uncontrolled resource consumption refers to a software vulnerability where an attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolve
Source: debian
CVE-2024-42332 [LOW] CVSS 3.7 (2024). Fixed in zabbix 1:5.0.45+dfsg-1+deb11u1 (bullseye).
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.
Scop
Source: debian
CVE-2024-36469 [LOW] CVSS 2.3 (2024). Fixed in zabbix 1:5.0.46+dfsg-1+deb11u1 (bullseye).
Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.46+dfsg-1+deb11u1); forky: resolved (fixed in 1:7.0.9+dfsg-1); sid: resolved (fixed in 1:7.0.9+dfsg-1); trixie: resolved (fixed in 1:7.0.9+dfsg-1).
Source: debian
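The timing difference described for CVE-2024-36469 is a user-enumeration oracle: if the login path only runs the expensive password hash when the username exists, a failed login for an unknown user returns measurably faster, and an attacker can harvest valid usernames before guessing passwords. The following is an added illustration in Python, not Zabbix's own code (the Zabbix frontend is PHP and the exact cause of the CVE is not stated on this page). The user table, salts and PBKDF2 parameters are constructed for the example, and the "early return skips the hash" mechanism is an assumption used to show the pattern.

```python
"""Login user-enumeration timing oracle (CVE-2024-36469 pattern) and one fix.

Added example, not Zabbix code. The user table and salts below are constructed.
"""
import hashlib
import hmac
import time

ITERATIONS = 20_000           # PBKDF2 rounds; kept small so the example runs quickly
_STATS = {"kdf": 0}           # instrumentation: counts expensive hash evaluations


def _kdf(password: str, salt: bytes) -> bytes:
    """Slow password hash; every call is counted so the work per path can be compared."""
    _STATS["kdf"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user table: username -> (salt, hash). A fixed salt keeps it deterministic.
_SALT = b"constructed-salt"
USERS = {"Admin": (_SALT, _kdf("zabbix", _SALT))}

# A fixed dummy credential so the "no such user" path performs the same hashing work.
_DUMMY_SALT = b"dummy-salt-0000"
_DUMMY_HASH = _kdf("not-a-real-password", _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> bool:
    """Returns early for unknown users and skips the hash: unknown users fail faster."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, expected = rec
    return hmac.compare_digest(_kdf(password, salt), expected)


def login_hardened(username: str, password: str) -> bool:
    """Always performs exactly one hash evaluation, against a dummy record if needed."""
    rec = USERS.get(username)
    exists = rec is not None
    salt, expected = rec if exists else (_DUMMY_SALT, _DUMMY_HASH)
    matched = hmac.compare_digest(_kdf(password, salt), expected)
    # The dummy record must never authenticate, even if the guess matched its password.
    return matched and exists


def attempt(login, username: str, password: str):
    """Run one login and report (success, number of hash evaluations performed)."""
    _STATS["kdf"] = 0
    ok = login(username, password)
    return ok, _STATS["kdf"]


def measure(login, username: str, password: str, rounds: int = 5) -> float:
    """Median wall-clock time of a login attempt, to make the oracle visible locally."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter()
        login(username, password)
        samples.append(time.perf_counter() - t0)
    return sorted(samples)[len(samples) // 2]


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        known = measure(fn, "Admin", "wrong-password")
        unknown = measure(fn, "nobody", "wrong-password")
        print(f"{name:10s} existing user: {known * 1e3:7.2f} ms   unknown user: {unknown * 1e3:7.2f} ms")
```

Run as a script, the vulnerable variant shows the unknown-user path completing in microseconds while the existing-user path takes the full hash time; the hardened variant shows the two within noise of each other. Equalizing the hash work removes the dominant signal, but the database lookup and any differing error message still leak a little, so the fix is normally paired with a generic "incorrect username or password" response and per-source rate limiting.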
CVE-2024-42329 [LOW] CVSS 3.3 (2024). Fixed in zabbix 1:7.0.5+dfsg-1 (forky).
The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description, and then wd->error will be NULL and trying to read from it will result in a crash.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved (fixed in 1:
Source: debian
CVE-2023-32725 [CRITICAL] CVSS 9.6 (2023). Fixed in zabbix 1:6.0.23+dfsg-1 (forky).
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Scope: local. bookworm: open; bullseye: resolved; forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie: resolved (fixed in
Source: debian
CVE-2023-32724 [CRITICAL] CVSS 9.1 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
Memory pointer is in a property of the Duktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie: resolved (fixed in 1:6.0.23+dfsg-1).
Source: debian
CVE-2023-32722 [CRITICAL] CVSS 9.6 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie: resolved (fixed in 1:6.0.23+dfsg-1).
Source: debian
CVE-2023-29450 [HIGH] CVSS 8.5 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resol
Source: debian
CVE-2023-32723 [HIGH] CVSS 8.5 (2023). Fixed in zabbix 1:5.0.0+dfsg-1 (bookworm).
Request to LDAP is sent before user permissions are checked.
Scope: local. bookworm: resolved (fixed in 1:5.0.0+dfsg-1); bullseye: resolved (fixed in 1:5.0.0+dfsg-1); forky: resolved (fixed in 1:5.0.0+dfsg-1); sid: resolved (fixed in 1:5.0.0+dfsg-1); trixie: resolved (fixed in 1:5.0.0+dfsg-1).
Source: debian
CVE-2023-32721 [HIGH] CVSS 7.6 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before the URL.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie: resolved (fixed in 1:6.0.23+dfsg-1).
Source: debian
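CVE-2023-32721 turns on leading spaces in the Maps URL field. A common way such a check fails, assumed here as an illustration rather than read from Zabbix's source, is a scheme filter that inspects the raw stored string while the browser strips leading whitespace and control characters (and removes embedded tabs and newlines) before resolving the scheme, so "  javascript:..." is accepted as harmless and still executes when the map link is clicked. The Python below is an added example, not Zabbix code; the scheme allowlist and the sample inputs are constructed for it.

```python
"""URL scheme filtering that mirrors browser pre-processing (CVE-2023-32721 pattern).

Added example, not Zabbix code. The allowlist and sample inputs are constructed.
"""
import re

DANGEROUS_SCHEMES = ("javascript:", "data:", "vbscript:")
ALLOWED_SCHEMES = {"http", "https"}

# The WHATWG URL parser first strips leading/trailing C0 controls and U+0020, then removes
# every ASCII tab, LF and CR anywhere in the input. A filter that skips those two steps
# is checking a different string than the one the browser will navigate to.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
_TAB_NEWLINE = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def is_safe_url_naive(url: str) -> bool:
    """Denylist on the raw string: bypassed by a leading space or an embedded tab."""
    return not url.lower().startswith(DANGEROUS_SCHEMES)


def canonicalize(url: str) -> str:
    """Apply the same whitespace handling a browser applies before reading the scheme."""
    return _TAB_NEWLINE.sub("", url.strip(_C0_AND_SPACE))


def is_safe_url_hardened(url: str) -> bool:
    """Canonicalize, then allow only relative URLs or an explicitly allowlisted scheme."""
    s = canonicalize(url).lower()
    m = _SCHEME.match(s)
    if m is None:
        return True                      # no scheme: relative link within the frontend
    return m.group(1) in ALLOWED_SCHEMES  # allowlist, not a denylist of known-bad schemes


if __name__ == "__main__":
    for sample in ("https://example.com/map", "javascript:alert(1)",
                   "  javascript:alert(1)", "java\tscript:alert(1)"):
        print(f"{sample!r:28s} naive={is_safe_url_naive(sample)!s:5s} "
              f"hardened={is_safe_url_hardened(sample)}")
```

Two choices matter here: canonicalizing before the check so the filter and the browser agree on what the scheme is, and allowlisting schemes rather than denylisting a few dangerous ones. Stored URLs should also be re-validated on output, since records written before the fix (or via the API) are already in the database.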
CVE-2023-32728 [MEDIUM] CVSS 4.6 (2023). Fixed in zabbix 1:6.0.24+dfsg-1 (forky).
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability.
Scope: local. bookworm: open; bullseye: resolved; forky: resolved (fixed in 1:6.0.24+dfsg-1); sid: resolved (fixed in 1:6.0.24+dfsg-1); trixie: resolved (fixed in 1:6.0.24+dfsg-1).
Source: debian
CVE-2023-29456 [MEDIUM] CVSS 5.7 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie:
Source: debian
CVE-2023-29452 [MEDIUM] CVSS 5.5 (2023). Fixed in zabbix 1:6.0.23+dfsg-1 (forky).
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the “Attribution text” field when the “Other” tile provider is selected.
Scope: local. bookworm: open; bullseye: resolved; forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie: resolved (fixed in 1:6.0.23+dfsg-1).
Source: debian
CVE-2023-29451 [MEDIUM] CVSS 4.7 (2023). Fixed in zabbix 1:6.0.23+dfsg-1 (forky).
A specially crafted string can cause a buffer overrun in the JSON parser library, leading to a crash of the Zabbix Server or a Zabbix Proxy.
Scope: local. bookworm: open; bullseye: resolved; forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie: resolved (fixed in 1:6.0.23+dfsg-1).
Source: debian
CVE-2023-29454 [MEDIUM] CVSS 5.4 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.
Scope: local. bookworm: open; bullseye: re
Source: debian
CVE-2023-29449 [MEDIUM] CVSS 5.9 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over th
Source: debian
CVE-2023-29455 [MEDIUM] CVSS 5.4 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+de
Source: debian
CVE-2023-32727 [MEDIUM] CVSS 6.8 (2023). Fixed in zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye).
An attacker who has the privilege to configure Zabbix items can use the icmpping() function with an additional malicious command inside it to execute arbitrary code on the current Zabbix server.
Scope: local. bookworm: open; bullseye: resolved (fixed in 1:5.0.44+dfsg-1+deb11u1); forky: resolved (fixed in 1:6.0.23+dfsg-1); sid: resolved (fixed in 1:6.0.23+dfsg-1); trixie: resol
Source: debian
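CVE-2023-32728 (smart.disk.get parameters reaching a shell in Agent 2) and CVE-2023-32727 (a malicious command inside icmpping() running on the server) are the same bug class: a value that arrives as an item-key parameter is spliced into a command line that a shell then interprets. The Python below is an added example of the vulnerable pattern next to a hardened one; it is not Zabbix code (Agent 2 is written in Go, the server in C). `echo` stands in for smartctl or fping so the block runs anywhere with a POSIX /bin/sh, and the device-name allowlist is a choice made for this example.

```python
"""Item-key parameters reaching a shell (CVE-2023-32728 / CVE-2023-32727 pattern).

Added example, not Zabbix code. `echo` stands in for smartctl/fping; the allowlist below
is constructed for the example.
"""
import re
import subprocess

# Allowlist for the one parameter we accept: a block device path of a known shape.
# Anything else (shell metacharacters, option-looking values such as "--flag") is rejected.
DEVICE_RE = re.compile(r"^/dev/(?:sd[a-z]{1,2}|nvme[0-9]+n[0-9]+|hd[a-z])$")


def vulnerable_command(device: str) -> str:
    """Builds the command line by string interpolation, as the vulnerable pattern does."""
    return f"echo smartctl --all {device}"


def vulnerable_run(device: str) -> str:
    """Hands the interpolated string to /bin/sh, so metacharacters in `device` are executed."""
    return subprocess.run(vulnerable_command(device), shell=True,
                          capture_output=True, text=True).stdout


def validate_device(device: str) -> str:
    """Accept only a device path of the allowed shape; raise on anything else."""
    if not DEVICE_RE.fullmatch(device):
        raise ValueError(f"rejected item parameter: {device!r}")
    return device


def is_accepted(device: str) -> bool:
    """True if the parameter would pass validation (convenience for tests and operators)."""
    try:
        validate_device(device)
    except ValueError:
        return False
    return True


def hardened_argv(device: str) -> list:
    """Validate, then build an argv vector; no shell is involved at any point."""
    return ["echo", "smartctl", "--all", validate_device(device)]


def hardened_run(device: str) -> str:
    """Executes the program directly with argv; the parameter is a single opaque argument."""
    return subprocess.run(hardened_argv(device), capture_output=True, text=True).stdout


if __name__ == "__main__":
    hostile = "/dev/sda; echo INJECTED"
    print("vulnerable:", vulnerable_run(hostile).rstrip())
    print("hardened  :", hardened_run("/dev/sda").rstrip())
    try:
        hardened_run(hostile)
    except ValueError as exc:
        print("hardened  :", exc)
```

Two layers are doing the work: execution via an argv vector removes the shell, so `;`, `|`, backticks and `$(...)` are never interpreted, and the allowlist rejects values that start with `-`, which closes the remaining argument-injection hole where a parameter is accepted as an option by the program itself. For icmpping() the same treatment applies to each fping argument (target list, count, interval, size) before anything is executed.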