Branch c9f2 update bulletin.

Package zabbix updated to version 5.0.45-alt0.c9f2.1 for branch c9f2 in task 362934.

Published: 2023-11-22

BDU:2024-04280

Уязвимость универсальной системы мониторинга Zabbix, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

CVE-2024-22119

Published: 2024-02-09
Modified: 2024-11-21

CVE-2024-22119

The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html
https://support.zabbix.com/browse/ZBX-24070
https://support.zabbix.com/browse/ZBX-24070

Version: 2.1.0

Branch c9f2 update on 2024-11-22

ALT-BU-2024-15972-1

ALT-PU-2024-15834-2

Closed vulnerabilities

BDU:2024-04280

CVE-2024-22119