Vulnerability CVE-2023-29449: Information

Description

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should typically be granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.

Severity: MEDIUM (4.9)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Published: July 13, 2023
Modified: July 25, 2023
Error type identifier: CWE-770

Fixed packages

Package name: zabbix
Branch: c9f2
Fixed in version: 5.0.38-alt1
Version from repository: 5.0.40-alt1
Errata ID: ALT-PU-2023-6268-3
Task #: 329847
State: Fixed

References to Advisories, Solutions, and Tools

Hyperlink: https://support.zabbix.com/browse/ZBX-22589
Resource: Vendor Advisory

Configuration 1

      cpe:2.3:a:zabbix:zabbix:6.4.0:rc2:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:rc3:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:rc4:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
      Start including: 6.0.0
      End including: 6.0.13

      cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
      End including: 5.0.31

      cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
      Start including: 6.4.1
      End including: 6.4.4

      cpe:2.3:a:zabbix:zabbix:6.4.0:beta1:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:beta2:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:beta3:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:beta4:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:beta5:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:beta6:*:*:*:*:*:*

      cpe:2.3:a:zabbix:zabbix:6.4.0:alpha1:*:*:*:*:*:*