JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html | |
https://support.zabbix.com/browse/ZBX-22588 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Aug 2023, 19:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2023, 14:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zabbix
Zabbix zabbix |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://support.zabbix.com/browse/ZBX-22588 - Vendor Advisory | |
CWE | CWE-552 | |
CPE | cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* |
13 Jul 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 09:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-29450
Mitre link : CVE-2023-29450
CVE.ORG link : CVE-2023-29450
JSON object : View
Products Affected
zabbix
- zabbix