Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-22117

Опубликовано: 26 нояб. 2024
Источник: debian

Описание

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zabbixfixed1:7.0.5+dfsg-1package

Примечания

  • https://support.zabbix.com/browse/ZBX-25610

  • Fixed by: https://github.com/zabbix/zabbix/commit/bcf43da8eaaafc03e53845085f5b87d8c858ac81 (7.0.4rc1)

  • Fixed by: https://github.com/zabbix/zabbix/commit/73d694022cd8e3468d1fdb1dc672e8d0eb9a2fc3 (6.0.34rc1)

  • Fixed by: https://github.com/zabbix/zabbix/commit/c9810cd2dfe65922ec5e84f06c0b44d38262fbe5 (5.0.44rc1)

Связанные уязвимости

ubuntu логотип

CVE-2024-22117

CVSS3: 2.2
ubuntu
7 месяцев назад

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

nvd логотип

CVE-2024-22117

CVSS3: 2.2
nvd
7 месяцев назад

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

github логотип

GHSA-vmrp-q2j9-gmqr

CVSS3: 2.2
github
7 месяцев назад

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

fstec логотип

BDU:2025-00337

CVSS3: 2.2
fstec
7 месяцев назад

Уязвимость сервера универсальной системы мониторинга Zabbix, связанная с недостаточной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

redos логотип

ROS-20250110-06

CVSS3: 9.1
redos
5 месяцев назад

Множественные уязвимости zabbix-server-pgsql