Vulnerability CVE-2024-22119: Information

Description

The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-22119

Published: Feb. 9, 2024

Modified: April 28, 2024

Error type identifier: CWE-79

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
zabbix	sisyphus	6.0.27-alt1	7.0.0-alt1	ALT-PU-2024-3075-1	341482	Fixed
zabbix	sisyphus_e2k	6.0.27-alt2	6.0.30-alt1	ALT-PU-2024-4292-1	-	Fixed
zabbix	sisyphus_riscv64	6.0.27-alt1	7.0.0-alt1	ALT-PU-2024-4119-1	-	Fixed
zabbix	sisyphus_loongarch64	6.0.27-alt1	7.0.0-alt1	ALT-PU-2024-3139-1	-	Fixed
zabbix	p10	6.0.27-alt0.p10.1	6.0.30-alt0.p10.1	ALT-PU-2024-3077-2	341483	Fixed
zabbix	p10_e2k	6.0.27-alt0.p10.1	6.0.29-alt0.p10.1	ALT-PU-2024-4325-1	-	Fixed
zabbix	c10f1	6.0.27-alt0.c10f1.1	6.0.27-alt0.c10f1.1	ALT-PU-2024-3365-2	341486	Fixed
zabbix	p11	6.0.27-alt1	6.0.30-alt1	ALT-PU-2024-3075-1	341482	Fixed

Hyperlink	Resource
https://support.zabbix.com/browse/ZBX-24070	Exploit Issue Tracking Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html

Version: v24.5.3