Описание
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zabbix | fixed | 1:6.0.23+dfsg-1 | package | |
| zabbix | no-dsa | bookworm | package |
Примечания
https://support.zabbix.com/browse/ZBX-22588
Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb
EPSS
Связанные уязвимости
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
Уязвимость универсальной системы мониторинга Zabbix, связанная с использованием файлов и каталогов, доступных внешним сторонам, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS