Package zabbix updated to version 6.0.25-alt2 for branch c10f2 in task 338259.

Published: 2023-05-11

BDU:2023-06803

Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: HIGH (7.6) Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

References:

Published: 2023-09-11

BDU:2023-08246

Уязвимость модуля zabbix/src/libs/zbxjson универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.6) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Published: 2023-10-12
Modified: 2024-11-21

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2023-10-12
Modified: 2024-11-21

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-10-12
Modified: 2024-11-21

Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0