ALT-PU-2024-1191-4

Package update zabbix in branch c10f2

Version6.0.25-alt2

Published2024-01-25

Max severityCRITICAL

Severity:

Closed issues (5)

HIGH7.6

Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю проводить межсайтовые сценарные атаки

Published: 2023-10-16Modified: 2025-03-04

CVSS 3.xHIGH 7.6

CVSS:3.x/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:C/A:N

References

CVE-2023-32721

CRITICAL9.6

Уязвимость модуля zabbix/src/libs/zbxjson универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код

Published: 2023-11-28Modified: 2024-11-10

CVSS 3.xCRITICAL 9.6

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-32722

MEDIUM5.4

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

Published: 2023-10-12Modified: 2025-11-03

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

HIGH7.8

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

Published: 2023-10-12Modified: 2025-11-03

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

HIGH8.8

Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.

Published: 2023-10-12Modified: 2025-11-03

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References