ALT-PU-2024-18029-1

Package update zabbix in branch p10

Version6.0.33-alt0.p10.2

Published2024-09-10

Max severityHIGH

Severity:

Closed issues (4)

HIGH7.5

Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии

Published: 2024-12-05Modified: 2026-02-16

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2024-36467

MEDIUM6.5

Уязвимость метода atob универсальной системы мониторинга Zabbix, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Published: 2024-12-06Modified: 2026-02-16

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2024-36463

HIGH8.8

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

Published: 2024-11-26Modified: 2025-10-08

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://support.zabbix.com/browse/ZBX-25611

HIGH8.8

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.

Published: 2024-11-27Modified: 2025-10-08

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://support.zabbix.com/browse/ZBX-25614