Описание
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zabbix | fixed | 1:7.0.22+dfsg-1 | package | |
| zabbix | fixed | 1:7.0.22+dfsg-1~deb13u1 | trixie | package |
| zabbix | ignored | bookworm | package | |
| zabbix | ignored | bullseye | package |
Примечания
https://support.zabbix.com/browse/ZBX-27284
Fixed by: https://github.com/zabbix/zabbix/commit/b4757c1eaa571abbf0aa6fa2fe2e77ccf4c205f8 (7.0.19rc1)
Fixed by: https://github.com/zabbix/zabbix/commit/aeada86d3c8231e1e173c6a7ac19ea60bf899b86 (6.0.42rc1)
Fixed in: 6.0.42, 7.0.19, 7.2.13, 7.4.3
EPSS
Связанные уязвимости
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
Уязвимость сценария imgstore.php системы мониторинга ИТ-инфраструктуры Zabbix, позволяющая нарушителю вызвать отказ в обслуживании
EPSS