SUSE-SU-2022:3101-1

Published: 06 Sep 2022
Source: suse-cvrf

Description

Security update for zabbix

This update for zabbix fixes the following issues:

  • CVE-2022-35230: JavaScript embedded in links for graphs page will be executed (bsc#1201290).

Package list

SUSE Linux Enterprise Server 12 SP5
zabbix-agent-4.0.12-4.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zabbix-agent-4.0.12-4.18.1

Description

An authenticated user can create a link with reflected JavaScript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.


Affected products
SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.18.1

References