Vulnerability-Lookup

WID-SEC-W-2024-3562

Vulnerability from csaf_certbund - Published: 2024-11-27 23:00 - Updated: 2025-08-10 22:00

Summary

Zabbix: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um vertrauliche Informationen preiszugeben, einen Denial-of-Service-Zustand zu erzeugen, erhöhte Rechte zu erlangen, beliebigen Code auszuführen und Daten zu manipulieren.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2024-36464

Affected products

Known affected 5 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <6.0.30rc1 Zabbix / Zabbix		<6.0.30rc1
Zabbix Zabbix <6.4.15rc1 Zabbix / Zabbix		<6.4.15rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-36468

Affected products

Known affected 11 products

Product	Identifier	Version
Zabbix Zabbix <7.0.4rc1 Zabbix / Zabbix		<7.0.4rc1
Zabbix Zabbix <6.4.19rc1 Zabbix / Zabbix		<6.4.19rc1
Zabbix Zabbix <6.4.17rc1 Zabbix / Zabbix		<6.4.17rc1
Zabbix Zabbix <6.0.32rc1 Zabbix / Zabbix		<6.0.32rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <6.0.30rc1 Zabbix / Zabbix		<6.0.30rc1
Zabbix Zabbix <6.4.15rc1 Zabbix / Zabbix		<6.4.15rc1
Zabbix Zabbix <6.0.34rc1 Zabbix / Zabbix		<6.0.34rc1
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-42333

Affected products

Known affected 11 products

Product	Identifier	Version
Zabbix Zabbix <7.0.4rc1 Zabbix / Zabbix		<7.0.4rc1
Zabbix Zabbix <6.4.19rc1 Zabbix / Zabbix		<6.4.19rc1
Zabbix Zabbix <6.4.17rc1 Zabbix / Zabbix		<6.4.17rc1
Zabbix Zabbix <6.0.32rc1 Zabbix / Zabbix		<6.0.32rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <6.0.30rc1 Zabbix / Zabbix		<6.0.30rc1
Zabbix Zabbix <6.4.15rc1 Zabbix / Zabbix		<6.4.15rc1
Zabbix Zabbix <6.0.34rc1 Zabbix / Zabbix		<6.0.34rc1
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-42326

Affected products

Known affected 6 products

Product	Identifier	Version
Zabbix Zabbix <7.0.4rc1 Zabbix / Zabbix		<7.0.4rc1
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-42328

Affected products

Known affected 6 products

Product	Identifier	Version
Zabbix Zabbix <7.0.4rc1 Zabbix / Zabbix		<7.0.4rc1
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-42329

Affected products

Known affected 6 products

Product	Identifier	Version
Zabbix Zabbix <7.0.4rc1 Zabbix / Zabbix		<7.0.4rc1
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-42331

Affected products

Known affected 6 products

Product	Identifier	Version
Zabbix Zabbix <7.0.4rc1 Zabbix / Zabbix		<7.0.4rc1
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-42327

Affected products

Known affected 9 products

Product	Identifier	Version
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Zabbix Zabbix <6.4.17rc1 Zabbix / Zabbix		<6.4.17rc1
Zabbix Zabbix <6.0.32rc1 Zabbix / Zabbix		<6.0.32rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <6.0.30rc1 Zabbix / Zabbix		<6.0.30rc1
Zabbix Zabbix <6.4.15rc1 Zabbix / Zabbix		<6.4.15rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Zabbix Zabbix <6.4.20rc1 Zabbix / Zabbix		<6.4.20rc1

CVE-2024-42330

Affected products

Known affected 12 products

Product	Identifier	Version
Zabbix Zabbix <7.0.4rc1 Zabbix / Zabbix		<7.0.4rc1
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Zabbix Zabbix <6.4.19rc1 Zabbix / Zabbix		<6.4.19rc1
Zabbix Zabbix <6.4.17rc1 Zabbix / Zabbix		<6.4.17rc1
Zabbix Zabbix <6.0.32rc1 Zabbix / Zabbix		<6.0.32rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <6.0.30rc1 Zabbix / Zabbix		<6.0.30rc1
Zabbix Zabbix <6.4.15rc1 Zabbix / Zabbix		<6.4.15rc1
Zabbix Zabbix <6.0.34rc1 Zabbix / Zabbix		<6.0.34rc1
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2024-42332

Affected products

Known affected 13 products

Product	Identifier	Version
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Zabbix Zabbix <6.4.20rc1 Zabbix / Zabbix		<6.4.20rc1
Zabbix Zabbix <6.0.35rc1 Zabbix / Zabbix		<6.0.35rc1
Zabbix Zabbix <6.4.19rc1 Zabbix / Zabbix		<6.4.19rc1
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Zabbix Zabbix <6.4.17rc1 Zabbix / Zabbix		<6.4.17rc1
Zabbix Zabbix <6.0.32rc1 Zabbix / Zabbix		<6.0.32rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <6.0.30rc1 Zabbix / Zabbix		<6.0.30rc1
Zabbix Zabbix <6.0.34rc1 Zabbix / Zabbix		<6.0.34rc1
Zabbix Zabbix <6.4.15rc1 Zabbix / Zabbix		<6.4.15rc1
Zabbix Zabbix <7.0.3rc1 Zabbix / Zabbix		<7.0.3rc1

CVE-2024-36466

Affected products

Known affected 8 products

Product	Identifier	Version
Zabbix Zabbix <7.0.1rc1 Zabbix / Zabbix		<7.0.1rc1
Zabbix Zabbix <6.4.17rc1 Zabbix / Zabbix		<6.4.17rc1
Zabbix Zabbix <6.0.32rc1 Zabbix / Zabbix		<6.0.32rc1
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Zabbix Zabbix <6.0.30rc1 Zabbix / Zabbix		<6.0.30rc1
Zabbix Zabbix <6.4.15rc1 Zabbix / Zabbix		<6.4.15rc1
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

18 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.zabbix.com/browse/ZBX-25621	external
https://support.zabbix.com/browse/ZBX-25622	external
https://support.zabbix.com/browse/ZBX-25623	external
https://support.zabbix.com/browse/ZBX-25624	external
https://support.zabbix.com/browse/ZBX-25625	external
https://support.zabbix.com/browse/ZBX-25626	external
https://support.zabbix.com/browse/ZBX-25627	external
https://support.zabbix.com/browse/ZBX-25628	external
https://support.zabbix.com/browse/ZBX-25629	external
https://support.zabbix.com/browse/ZBX-25630	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://github.com/aramosf/cve-2024-42327	external
https://lists.debian.org/debian-lts-announce/2024…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um vertrauliche Informationen preiszugeben, einen Denial-of-Service-Zustand zu erzeugen, erh\u00f6hte Rechte zu erlangen, beliebigen Code auszuf\u00fchren und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3562 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3562.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3562 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3562"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25621"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25622"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25623"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25624"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25625"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25626"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25627"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25628"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25629"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25630"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-BCDEA6E995 vom 2024-12-01",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bcdea6e995"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-59FE4B1ED6 vom 2024-12-01",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-59fe4b1ed6"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-A84AA88792 vom 2024-12-01",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a84aa88792"
      },
      {
        "category": "external",
        "summary": "PoC auf GitHub vom 2024-12-03",
        "url": "https://github.com/aramosf/cve-2024-42327"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3984 vom 2024-12-07",
        "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02746-1 vom 2025-08-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022126.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Zabbix: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-10T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-11T09:47:13.698+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-3562",
      "initial_release_date": "2024-11-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-01T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-12-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-08-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.0.3rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c7.0.3rc1",
                  "product_id": "T039480"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.3rc1",
                "product": {
                  "name": "Zabbix Zabbix 7.0.3rc1",
                  "product_id": "T039480-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:7.0.3rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.34rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.34rc1",
                  "product_id": "T039481"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.34rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.34rc1",
                  "product_id": "T039481-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.34rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.19rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.19rc1",
                  "product_id": "T039482"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.19rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.19rc1",
                  "product_id": "T039482-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.19rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.4rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c7.0.4rc1",
                  "product_id": "T039483"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.4rc1",
                "product": {
                  "name": "Zabbix Zabbix 7.0.4rc1",
                  "product_id": "T039483-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:7.0.4rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.32rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.32rc1",
                  "product_id": "T039484"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.32rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.32rc1",
                  "product_id": "T039484-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.32rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.17rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.17rc1",
                  "product_id": "T039485"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.17rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.17rc1",
                  "product_id": "T039485-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.17rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.35rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.35rc1",
                  "product_id": "T039488"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.35rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.35rc1",
                  "product_id": "T039488-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.35rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.20rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.20rc1",
                  "product_id": "T039489"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.20rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.20rc1",
                  "product_id": "T039489-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.20rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.30rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.30rc1",
                  "product_id": "T039490"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.30rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.30rc1",
                  "product_id": "T039490-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.30rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.15rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.15rc1",
                  "product_id": "T039492"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.15rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.15rc1",
                  "product_id": "T039492-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.15rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.1rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c7.0.1rc1",
                  "product_id": "T039493"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.1rc1",
                "product": {
                  "name": "Zabbix Zabbix 7.0.1rc1",
                  "product_id": "T039493-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:7.0.1rc1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Zabbix"
          }
        ],
        "category": "vendor",
        "name": "Zabbix"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36464",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-36464"
    },
    {
      "cve": "CVE-2024-36468",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039482",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "T039481",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-36468"
    },
    {
      "cve": "CVE-2024-42333",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039482",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "T039481",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42333"
    },
    {
      "cve": "CVE-2024-42326",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42326"
    },
    {
      "cve": "CVE-2024-42328",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42328"
    },
    {
      "cve": "CVE-2024-42329",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42329"
    },
    {
      "cve": "CVE-2024-42331",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42331"
    },
    {
      "cve": "CVE-2024-42327",
      "product_status": {
        "known_affected": [
          "T039493",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "74185",
          "T039489"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42327"
    },
    {
      "cve": "CVE-2024-42330",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "T039482",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "T039481",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42330"
    },
    {
      "cve": "CVE-2024-42332",
      "product_status": {
        "known_affected": [
          "74185",
          "T039489",
          "T039488",
          "T039482",
          "T039493",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039481",
          "T039492",
          "T039480"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42332"
    },
    {
      "cve": "CVE-2024-36466",
      "product_status": {
        "known_affected": [
          "T039493",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-36466"
    }
  ]
}

CVE-2024-36464 (GCVE-0-2024-36464)

Vulnerability from cvelistv5 – Published: 2024-11-27 14:01 – Updated: 2025-11-03 21:55

Title

Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported

Summary

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.

Severity

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-256 - Plaintext Storage of a Password

Assigner

Zabbix

References

2 references

URL	Tags
https://support.zabbix.com/browse/ZBX-25630
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

1 product

Vendor	Product	Version
Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.29 (git) Affected: 6.4.0 , ≤ 6.4.15 (git) Affected: 7.0.0alpha1 , ≤ 7.0.0 (git)

Date Public

2024-10-30 13:37

Credits

Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:27:15.357237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:28:40.384Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:14.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API",
            "Frontend",
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.30rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.29",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.16rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.1rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.0",
              "status": "affected",
              "version": "7.0.0alpha1",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T13:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."
            }
          ],
          "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T14:01:58.136Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25630"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36464",
    "datePublished": "2024-11-27T14:01:58.136Z",
    "dateReserved": "2024-05-28T11:21:24.946Z",
    "dateUpdated": "2025-11-03T21:55:14.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36466 (GCVE-0-2024-36466)

Vulnerability from cvelistv5 – Published: 2024-11-28 07:19 – Updated: 2024-12-04 14:38

Title

Unauthenticated Zabbix frontend takeover when SSO is being used

Summary

A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-290 - Authentication Bypass by Spoofing

Assigner

Zabbix

References

1 reference

URL	Tags
https://support.zabbix.com/browse/ZBX-25635

Impacted products

2 products

Vendor	Product	Version
Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.31 (git) Affected: 6.4.0 , ≤ 6.4.16 (git) Affected: 7.0.0 (git)
zabbix	zabbix	Affected: 6.0.0 , ≤ 6.0.31 (git) Affected: 6.4.0 , ≤ 6.4.16 (git) Affected: 7.0.0 , < 7.0.1rc1 (custom) cpe:2.3:a:zabbix:zabbix::::::::

Date Public

2024-07-02 13:25

Credits

Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zabbix",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "6.0.31",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.16",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThan": "7.0.1rc1",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T04:55:27.332810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:38:41.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Frontend"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.32rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.31",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.17rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zabbix wants to thank M\u00e1rk R\u00e1k\u00f3czi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-07-02T13:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.\u003cbr\u003e"
            }
          ],
          "value": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-196",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-196 Session Credential Falsification through Forging"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-28T07:19:48.806Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25635"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Zabbix frontend takeover when SSO is being used",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Disabling SSO authentication method"
            }
          ],
          "value": "Disabling SSO authentication method"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36466",
    "datePublished": "2024-11-28T07:19:48.806Z",
    "dateReserved": "2024-05-28T11:21:24.947Z",
    "dateUpdated": "2024-12-04T14:38:41.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36468 (GCVE-0-2024-36468)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:03 – Updated: 2024-11-27 14:57

Title

Stack buffer overflow in zbx_snmp_cache_handle_engineid

Summary

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.

Severity

3 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

Zabbix

References

1 reference

URL	Tags
https://support.zabbix.com/browse/ZBX-25621

Impacted products

1 product

Vendor	Product	Version
Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.2rc1 (git)

Date Public

2024-09-12 12:30

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:57:25.702787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:57:32.411Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Proxy",
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.3rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.2rc1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform"
        }
      ],
      "datePublic": "2024-09-12T12:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-\u0026gt;securityEngineID to local_record.engineid without proper bounds checking."
            }
          ],
          "value": "The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-\u003esecurityEngineID to local_record.engineid without proper bounds checking."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:03:07.626Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25621"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stack buffer overflow in zbx_snmp_cache_handle_engineid",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36468",
    "datePublished": "2024-11-27T12:03:07.626Z",
    "dateReserved": "2024-05-28T11:21:24.947Z",
    "dateUpdated": "2024-11-27T14:57:32.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42326 (GCVE-0-2024-42326)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:03 – Updated: 2024-11-27 14:57

Title

Use after free vulnerability in browser.c

Summary

There was discovered a use after free bug in browser.c in the es_browser_get_variant function

Severity

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

Zabbix

References

1 reference

URL	Tags
https://support.zabbix.com/browse/ZBX-25622

Impacted products

1 product

Vendor	Product	Version
Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.3 (git)

Date Public

2024-10-30 12:49

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42326",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:56:46.762724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:57:07.595Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T12:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There was discovered a use after free bug in browser.c in the es_browser_get_variant function"
            }
          ],
          "value": "There was discovered a use after free bug in browser.c in the es_browser_get_variant function"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:03:37.611Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25622"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use after free vulnerability in browser.c",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42326",
    "datePublished": "2024-11-27T12:03:37.611Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-11-27T14:57:07.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42327 (GCVE-0-2024-42327)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:04 – Updated: 2024-12-04 04:55

Title

SQL injection in user.get API

Summary

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

Severity

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-89 - SQL Injection

Assigner

Zabbix

References

1 reference

URL	Tags
https://support.zabbix.com/browse/ZBX-25623

Impacted products

2 products

Vendor	Product	Version
Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.31 (git) Affected: 6.4.0 , ≤ 6.4.16 (git) Affected: 7.0.0 , ≤ 7.0.1 (git)
zabbix	zabbix	Affected: 6.0.0 , ≤ 6.0.31 (git) Affected: 6.4.0 , ≤ 6.4.16 (git) Affected: 7.0.0 , ≤ 7.0.1 (git) cpe:2.3:a:zabbix:zabbix::::::::

Date Public

2024-10-30 12:06

Credits

Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zabbix",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "6.0.31",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.16",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "7.0.1",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:21.730Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.32rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.31",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.17rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.2rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zabbix wants to thank M\u00e1rk R\u00e1k\u00f3czi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T12:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access."
            }
          ],
          "value": "A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233: Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:04:31.950Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25623"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "SQL injection in user.get API",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42327",
    "datePublished": "2024-11-27T12:04:31.950Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-12-04T04:55:21.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42328 (GCVE-0-2024-42328)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:04 – Updated: 2024-11-27 14:56

Title

JS - Crash on empty HTTP server response

Summary

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.

Severity

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-690 - Unchecked Return Value to NULL Pointer Dereference
CWE-476 - NULL Pointer Dereference

Assigner

Zabbix

References

1 reference

URL	Tags
https://support.zabbix.com/browse/ZBX-25624

Impacted products

1 product

Vendor	Product	Version
Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.2 (git)

Date Public

2024-10-30 11:49

Credits

Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42328",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:56:07.120650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:56:15.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.3rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform"
        }
      ],
      "datePublic": "2024-10-30T11:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server\u0027s response is an empty document, then wd-\u0026gt;data in the code below will remain NULL and an attempt to read from it will result in a crash."
            }
          ],
          "value": "When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server\u0027s response is an empty document, then wd-\u003edata in the code below will remain NULL and an attempt to read from it will result in a crash."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-215",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-215 Fuzzing for application mapping"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-690",
              "description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:04:53.864Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25624"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JS - Crash on empty HTTP server response",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42328",
    "datePublished": "2024-11-27T12:04:53.864Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-11-27T14:56:15.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42329 (GCVE-0-2024-42329)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:05 – Updated: 2024-11-27 14:55

Title

JS - Crash on unexpected HTTP server response

Summary

The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.

Severity

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-690 - Unchecked Return Value to NULL Pointer Dereference
CWE-476 - NULL Pointer Dereference

Assigner

Zabbix

References

1 reference

URL	Tags
https://support.zabbix.com/browse/ZBX-25625

Impacted products

1 product

Vendor	Product	Version
Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.3rc1 (git)

Date Public

2024-10-30 11:36

Credits

Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42329",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:55:49.394112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:55:58.417Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3rc1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T11:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd-\u0026gt;error will be NULL and trying to read from it will result in a crash."
            }
          ],
          "value": "The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd-\u003eerror will be NULL and trying to read from it will result in a crash."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-215",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-215 Fuzzing for application mapping"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-690",
              "description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:05:21.915Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25625"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JS - Crash on unexpected HTTP server response",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42329",
    "datePublished": "2024-11-27T12:05:21.915Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-11-27T14:55:58.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42330 (GCVE-0-2024-42330)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:05 – Updated: 2025-11-03 22:04

Title

JS - Internal strings in HTTP headers

Summary

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-134 - Use of Externally-Controlled Format String

Assigner

Zabbix

References

2 references

URL	Tags
https://support.zabbix.com/browse/ZBX-25626
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

2 products

Vendor	Product	Version
Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.33 (git) Affected: 6.4.0 , ≤ 6.4.18 (git) Affected: 7.0.0 , ≤ 7.0.3 (git)
zabbix	frontend	Affected: 6.0.0 , ≤ 6.0.33 (git) Affected: 6.4.0 , ≤ 6.4.18 (git) Affected: 7.0.0 , ≤ 7.0.3 (git) cpe:2.3:a:zabbix:frontend::::::::

Date Public

2024-10-30 09:43

Credits

Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "frontend",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "6.0.33",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.18",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:23.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:43.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.34rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.33",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.19rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.18",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T09:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The HttpRequest object allows to get the HTTP headers from the server\u0027s response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects."
            }
          ],
          "value": "The HttpRequest object allows to get the HTTP headers from the server\u0027s response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        },
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:05:47.722Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25626"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JS - Internal strings in HTTP headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42330",
    "datePublished": "2024-11-27T12:05:47.722Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:43.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42331 (GCVE-0-2024-42331)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:06 – Updated: 2025-11-03 22:04

Title

Use after free in browser_push_error

Summary

In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.

Severity

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

Zabbix

References

2 references

URL	Tags
https://support.zabbix.com/browse/ZBX-25627
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

1 product

Vendor	Product	Version
Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.3 (git)

Date Public

2024-10-30 09:13

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:55:25.904954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:55:34.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:44.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T09:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd-\u0026gt;browser heap pointer is freed by garbage collection."
            }
          ],
          "value": "In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd-\u003ebrowser heap pointer is freed by garbage collection."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:06:12.250Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25627"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use after free in browser_push_error",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42331",
    "datePublished": "2024-11-27T12:06:12.250Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:44.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42332 (GCVE-0-2024-42332)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:06 – Updated: 2025-11-03 22:04

Title

New line injection in Zabbix SNMP traps

Summary

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE 117 Improper Output Neutralization for Logs

Assigner

Zabbix

References

2 references

URL	Tags
https://support.zabbix.com/browse/ZBX-25628
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

1 product

Vendor	Product	Version
Zabbix	Zabbix	Affected: 6.0.0 , < 6.0.34 (git) Affected: 6.4.0 , < 6.4.19 (git) Affected: 7.0.0 , < 7.0.4 (git)

Date Public

2024-10-30 06:00

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42332",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:54:59.322691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:55:10.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:46.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.35rc1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.34",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.20rc1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.4.19",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.5rc1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host."
            }
          ],
          "value": "The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-93",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-93 Log Injection-Tampering-Forging"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 117 Improper Output Neutralization for Logs",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:06:44.515Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25628"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "New line injection in Zabbix SNMP traps",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42332",
    "datePublished": "2024-11-27T12:06:44.515Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:46.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-3562

CVE-2024-36464 (GCVE-0-2024-36464)

CVE-2024-36466 (GCVE-0-2024-36466)

CVE-2024-36468 (GCVE-0-2024-36468)

CVE-2024-42326 (GCVE-0-2024-42326)

CVE-2024-42327 (GCVE-0-2024-42327)

CVE-2024-42328 (GCVE-0-2024-42328)

CVE-2024-42329 (GCVE-0-2024-42329)

CVE-2024-42330 (GCVE-0-2024-42330)

CVE-2024-42331 (GCVE-0-2024-42331)

CVE-2024-42332 (GCVE-0-2024-42332)

Tags

Sightings

Nomenclature