Vulnerability CVE-2023-32725: Information
Description
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
zabbix | sisyphus | 6.0.27-alt1 | 6.0.30-alt1 | ALT-PU-2024-3075-1 | 341482 | Fixed |
zabbix | sisyphus_e2k | 6.0.27-alt2 | 6.0.29-alt1 | ALT-PU-2024-4292-1 | - | Fixed |
zabbix | sisyphus_riscv64 | 6.0.27-alt1 | 6.0.30-alt1 | ALT-PU-2024-4119-1 | - | Fixed |
zabbix | sisyphus_loongarch64 | 6.0.27-alt1 | 6.0.30-alt1 | ALT-PU-2024-3139-1 | - | Fixed |
zabbix | p10 | 6.0.27-alt0.p10.1 | 6.0.29-alt0.p10.1 | ALT-PU-2024-3077-2 | 341483 | Fixed |
zabbix | p10_e2k | 6.0.27-alt0.p10.1 | 6.0.29-alt0.p10.1 | ALT-PU-2024-4325-1 | - | Fixed |
zabbix | c10f1 | 6.0.27-alt0.c10f1.1 | 6.0.27-alt0.c10f1.1 | ALT-PU-2024-3365-2 | 341486 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://support.zabbix.com/browse/ZBX-23854 | |