JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.
References
Link | Resource |
---|---|
https://support.zabbix.com/browse/ZBX-22589 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Jul 2023, 14:54
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 | |
CPE | cpe:2.3:a:zabbix:zabbix:6.4.0:beta5:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:rc2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:rc3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:beta3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:beta1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:beta4:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:alpha1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:rc4:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:beta6:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.4.0:beta2:*:*:*:*:*:* |
|
First Time |
Zabbix
Zabbix zabbix |
|
References | (MISC) https://support.zabbix.com/browse/ZBX-22589 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
13 Jul 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 09:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-29449
Mitre link : CVE-2023-29449
CVE.ORG link : CVE-2023-29449
JSON object : View
Products Affected
zabbix
- zabbix