Vulnerability-Lookup

WID-SEC-W-2024-3562

Vulnerability from csaf_certbund - Published: 2024-11-27 23:00 - Updated: 2025-08-10 22:00

Summary

Zabbix: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um vertrauliche Informationen preiszugeben, einen Denial-of-Service-Zustand zu erzeugen, erhöhte Rechte zu erlangen, beliebigen Code auszuführen und Daten zu manipulieren.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2024-36464

CVE-2024-36468

CVE-2024-42333

CVE-2024-42326

CVE-2024-42328

CVE-2024-42329

CVE-2024-42331

CVE-2024-42327

CVE-2024-42330

CVE-2024-42332

CVE-2024-36466

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://support.zabbix.com/browse/ZBX-25621	external
	https://support.zabbix.com/browse/ZBX-25622	external
	https://support.zabbix.com/browse/ZBX-25623	external
	https://support.zabbix.com/browse/ZBX-25624	external
	https://support.zabbix.com/browse/ZBX-25625	external
	https://support.zabbix.com/browse/ZBX-25626	external
	https://support.zabbix.com/browse/ZBX-25627	external
	https://support.zabbix.com/browse/ZBX-25628	external
	https://support.zabbix.com/browse/ZBX-25629	external
	https://support.zabbix.com/browse/ZBX-25630	external
	https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
	https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
	https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
	https://github.com/aramosf/cve-2024-42327	external
	https://lists.debian.org/debian-lts-announce/2024…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Zabbix ist ein Open-Source Netzwerk-Monitoringsystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Zabbix ausnutzen, um vertrauliche Informationen preiszugeben, einen Denial-of-Service-Zustand zu erzeugen, erh\u00f6hte Rechte zu erlangen, beliebigen Code auszuf\u00fchren und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3562 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3562.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3562 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3562"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25621"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25622"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25623"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25624"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25625"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25626"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25627"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25628"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25629"
      },
      {
        "category": "external",
        "summary": "Zabbix bugs and issues vom 2024-11-27",
        "url": "https://support.zabbix.com/browse/ZBX-25630"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-BCDEA6E995 vom 2024-12-01",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bcdea6e995"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-59FE4B1ED6 vom 2024-12-01",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-59fe4b1ed6"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-A84AA88792 vom 2024-12-01",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a84aa88792"
      },
      {
        "category": "external",
        "summary": "PoC auf GitHub vom 2024-12-03",
        "url": "https://github.com/aramosf/cve-2024-42327"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3984 vom 2024-12-07",
        "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02746-1 vom 2025-08-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022126.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Zabbix: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-10T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-11T09:47:13.698+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-3562",
      "initial_release_date": "2024-11-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-01T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-12-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-08-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.0.3rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c7.0.3rc1",
                  "product_id": "T039480"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.3rc1",
                "product": {
                  "name": "Zabbix Zabbix 7.0.3rc1",
                  "product_id": "T039480-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:7.0.3rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.34rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.34rc1",
                  "product_id": "T039481"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.34rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.34rc1",
                  "product_id": "T039481-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.34rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.19rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.19rc1",
                  "product_id": "T039482"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.19rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.19rc1",
                  "product_id": "T039482-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.19rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.4rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c7.0.4rc1",
                  "product_id": "T039483"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.4rc1",
                "product": {
                  "name": "Zabbix Zabbix 7.0.4rc1",
                  "product_id": "T039483-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:7.0.4rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.32rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.32rc1",
                  "product_id": "T039484"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.32rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.32rc1",
                  "product_id": "T039484-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.32rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.17rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.17rc1",
                  "product_id": "T039485"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.17rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.17rc1",
                  "product_id": "T039485-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.17rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.35rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.35rc1",
                  "product_id": "T039488"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.35rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.35rc1",
                  "product_id": "T039488-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.35rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.20rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.20rc1",
                  "product_id": "T039489"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.20rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.20rc1",
                  "product_id": "T039489-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.20rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.0.30rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.0.30rc1",
                  "product_id": "T039490"
                }
              },
              {
                "category": "product_version",
                "name": "6.0.30rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.0.30rc1",
                  "product_id": "T039490-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.0.30rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.4.15rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c6.4.15rc1",
                  "product_id": "T039492"
                }
              },
              {
                "category": "product_version",
                "name": "6.4.15rc1",
                "product": {
                  "name": "Zabbix Zabbix 6.4.15rc1",
                  "product_id": "T039492-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:6.4.15rc1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0.1rc1",
                "product": {
                  "name": "Zabbix Zabbix \u003c7.0.1rc1",
                  "product_id": "T039493"
                }
              },
              {
                "category": "product_version",
                "name": "7.0.1rc1",
                "product": {
                  "name": "Zabbix Zabbix 7.0.1rc1",
                  "product_id": "T039493-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:7.0.1rc1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Zabbix"
          }
        ],
        "category": "vendor",
        "name": "Zabbix"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36464",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-36464"
    },
    {
      "cve": "CVE-2024-36468",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039482",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "T039481",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-36468"
    },
    {
      "cve": "CVE-2024-42333",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039482",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "T039481",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42333"
    },
    {
      "cve": "CVE-2024-42326",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42326"
    },
    {
      "cve": "CVE-2024-42328",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42328"
    },
    {
      "cve": "CVE-2024-42329",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42329"
    },
    {
      "cve": "CVE-2024-42331",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "2951",
          "T002207",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42331"
    },
    {
      "cve": "CVE-2024-42327",
      "product_status": {
        "known_affected": [
          "T039493",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "74185",
          "T039489"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42327"
    },
    {
      "cve": "CVE-2024-42330",
      "product_status": {
        "known_affected": [
          "T039483",
          "T039493",
          "T039482",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "T039481",
          "T039480",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42330"
    },
    {
      "cve": "CVE-2024-42332",
      "product_status": {
        "known_affected": [
          "74185",
          "T039489",
          "T039488",
          "T039482",
          "T039493",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039481",
          "T039492",
          "T039480"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-42332"
    },
    {
      "cve": "CVE-2024-36466",
      "product_status": {
        "known_affected": [
          "T039493",
          "T039485",
          "T039484",
          "2951",
          "T002207",
          "T039490",
          "T039492",
          "74185"
        ]
      },
      "release_date": "2024-11-27T23:00:00.000+00:00",
      "title": "CVE-2024-36466"
    }
  ]
}

CVE-2024-42330 (GCVE-0-2024-42330)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:05 – Updated: 2025-11-03 22:04

Title

JS - Internal strings in HTTP headers

Summary

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-134 - Use of Externally-Controlled Format String

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25626

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.33 (git) Affected: 6.4.0 , ≤ 6.4.18 (git) Affected: 7.0.0 , ≤ 7.0.3 (git)

Date Public ?

2024-10-30 09:43

Credits

Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "frontend",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "6.0.33",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.18",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:23.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:43.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.34rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.33",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.19rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.18",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T09:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The HttpRequest object allows to get the HTTP headers from the server\u0027s response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects."
            }
          ],
          "value": "The HttpRequest object allows to get the HTTP headers from the server\u0027s response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        },
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:05:47.722Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25626"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JS - Internal strings in HTTP headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42330",
    "datePublished": "2024-11-27T12:05:47.722Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:43.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42328 (GCVE-0-2024-42328)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:04 – Updated: 2024-11-27 14:56

Title

JS - Crash on empty HTTP server response

Summary

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-690 - Unchecked Return Value to NULL Pointer Dereference
CWE-476 - NULL Pointer Dereference

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25624

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.2 (git)

Date Public ?

2024-10-30 11:49

Credits

Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42328",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:56:07.120650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:56:15.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.3rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform"
        }
      ],
      "datePublic": "2024-10-30T11:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server\u0027s response is an empty document, then wd-\u0026gt;data in the code below will remain NULL and an attempt to read from it will result in a crash."
            }
          ],
          "value": "When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server\u0027s response is an empty document, then wd-\u003edata in the code below will remain NULL and an attempt to read from it will result in a crash."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-215",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-215 Fuzzing for application mapping"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-690",
              "description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:04:53.864Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25624"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JS - Crash on empty HTTP server response",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42328",
    "datePublished": "2024-11-27T12:04:53.864Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-11-27T14:56:15.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42327 (GCVE-0-2024-42327)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:04 – Updated: 2024-12-04 04:55

Title

SQL injection in user.get API

Summary

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

Severity ?

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-89 - SQL Injection

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25623

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.31 (git) Affected: 6.4.0 , ≤ 6.4.16 (git) Affected: 7.0.0 , ≤ 7.0.1 (git)

Date Public ?

2024-10-30 12:06

Credits

Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zabbix",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "6.0.31",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.16",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "7.0.1",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:21.730Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.32rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.31",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.17rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.2rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zabbix wants to thank M\u00e1rk R\u00e1k\u00f3czi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T12:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access."
            }
          ],
          "value": "A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233: Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:04:31.950Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25623"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "SQL injection in user.get API",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42327",
    "datePublished": "2024-11-27T12:04:31.950Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-12-04T04:55:21.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36468 (GCVE-0-2024-36468)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:03 – Updated: 2024-11-27 14:57

Title

Stack buffer overflow in zbx_snmp_cache_handle_engineid

Summary

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.

Severity ?

3 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25621

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.2rc1 (git)

Date Public ?

2024-09-12 12:30

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:57:25.702787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:57:32.411Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Proxy",
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.3rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.2rc1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform"
        }
      ],
      "datePublic": "2024-09-12T12:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-\u0026gt;securityEngineID to local_record.engineid without proper bounds checking."
            }
          ],
          "value": "The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-\u003esecurityEngineID to local_record.engineid without proper bounds checking."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:03:07.626Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25621"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stack buffer overflow in zbx_snmp_cache_handle_engineid",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36468",
    "datePublished": "2024-11-27T12:03:07.626Z",
    "dateReserved": "2024-05-28T11:21:24.947Z",
    "dateUpdated": "2024-11-27T14:57:32.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42331 (GCVE-0-2024-42331)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:06 – Updated: 2025-11-03 22:04

Title

Use after free in browser_push_error

Summary

In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-416 - Use After Free

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25627

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.3 (git)

Date Public ?

2024-10-30 09:13

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:55:25.904954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:55:34.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:44.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T09:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd-\u0026gt;browser heap pointer is freed by garbage collection."
            }
          ],
          "value": "In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd-\u003ebrowser heap pointer is freed by garbage collection."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:06:12.250Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25627"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use after free in browser_push_error",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42331",
    "datePublished": "2024-11-27T12:06:12.250Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:44.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42326 (GCVE-0-2024-42326)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:03 – Updated: 2024-11-27 14:57

Title

Use after free vulnerability in browser.c

Summary

There was discovered a use after free bug in browser.c in the es_browser_get_variant function

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-416 - Use After Free

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25622

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.3 (git)

Date Public ?

2024-10-30 12:49

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42326",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:56:46.762724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:57:07.595Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T12:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There was discovered a use after free bug in browser.c in the es_browser_get_variant function"
            }
          ],
          "value": "There was discovered a use after free bug in browser.c in the es_browser_get_variant function"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:03:37.611Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25622"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use after free vulnerability in browser.c",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42326",
    "datePublished": "2024-11-27T12:03:37.611Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-11-27T14:57:07.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36464 (GCVE-0-2024-36464)

Vulnerability from cvelistv5 – Published: 2024-11-27 14:01 – Updated: 2025-11-03 21:55

Title

Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported

Summary

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.

Severity ?

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-256 - Plaintext Storage of a Password

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25630

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.29 (git) Affected: 6.4.0 , ≤ 6.4.15 (git) Affected: 7.0.0alpha1 , ≤ 7.0.0 (git)

Date Public ?

2024-10-30 13:37

Credits

Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:27:15.357237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:28:40.384Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:14.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API",
            "Frontend",
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.30rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.29",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.16rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.1rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.0",
              "status": "affected",
              "version": "7.0.0alpha1",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T13:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."
            }
          ],
          "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T14:01:58.136Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25630"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36464",
    "datePublished": "2024-11-27T14:01:58.136Z",
    "dateReserved": "2024-05-28T11:21:24.946Z",
    "dateUpdated": "2025-11-03T21:55:14.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36466 (GCVE-0-2024-36466)

Vulnerability from cvelistv5 – Published: 2024-11-28 07:19 – Updated: 2024-12-04 14:38

Title

Unauthenticated Zabbix frontend takeover when SSO is being used

Summary

A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-290 - Authentication Bypass by Spoofing

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25635

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.31 (git) Affected: 6.4.0 , ≤ 6.4.16 (git) Affected: 7.0.0 (git)

Date Public ?

2024-07-02 13:25

Credits

Zabbix wants to thank Márk Rákóczi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zabbix",
            "vendor": "zabbix",
            "versions": [
              {
                "lessThanOrEqual": "6.0.31",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "git"
              },
              {
                "lessThanOrEqual": "6.4.16",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "git"
              },
              {
                "lessThan": "7.0.1rc1",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T04:55:27.332810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:38:41.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Frontend"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.32rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.31",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.17rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zabbix wants to thank M\u00e1rk R\u00e1k\u00f3czi (reeeeeeeeeeee) for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-07-02T13:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.\u003cbr\u003e"
            }
          ],
          "value": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-196",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-196 Session Credential Falsification through Forging"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-28T07:19:48.806Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25635"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated Zabbix frontend takeover when SSO is being used",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Disabling SSO authentication method"
            }
          ],
          "value": "Disabling SSO authentication method"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-36466",
    "datePublished": "2024-11-28T07:19:48.806Z",
    "dateReserved": "2024-05-28T11:21:24.947Z",
    "dateUpdated": "2024-12-04T14:38:41.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42333 (GCVE-0-2024-42333)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:07 – Updated: 2025-11-03 22:04

Title

Heap buffer over-read

Summary

The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c

Severity ?

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-126 - Buffer Over-read

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25629

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 6.0.0 , ≤ 6.0.33 (git) Affected: 6.4.0 , ≤ 6.4.18 (git) Affected: 7.0.0 , ≤ 7.0.3 (git)

Date Public ?

2024-10-07 06:37

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42333",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:54:27.245135Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:54:36.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:47.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.34rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.33",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.19rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.18",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-07T06:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c"
            }
          ],
          "value": "The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-679",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:07:11.159Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25629"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Heap buffer over-read",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42333",
    "datePublished": "2024-11-27T12:07:11.159Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:47.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42332 (GCVE-0-2024-42332)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:06 – Updated: 2025-11-03 22:04

Title

New line injection in Zabbix SNMP traps

Summary

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE 117 Improper Output Neutralization for Logs

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25628

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 6.0.0 , < 6.0.34 (git) Affected: 6.4.0 , < 6.4.19 (git) Affected: 7.0.0 , < 7.0.4 (git)

Date Public ?

2024-10-30 06:00

Credits

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42332",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:54:59.322691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:55:10.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:04:46.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.35rc1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.34",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.20rc1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.4.19",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.5rc1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host."
            }
          ],
          "value": "The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-93",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-93 Log Injection-Tampering-Forging"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 117 Improper Output Neutralization for Logs",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:06:44.515Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25628"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "New line injection in Zabbix SNMP traps",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42332",
    "datePublished": "2024-11-27T12:06:44.515Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2025-11-03T22:04:46.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42329 (GCVE-0-2024-42329)

Vulnerability from cvelistv5 – Published: 2024-11-27 12:05 – Updated: 2024-11-27 14:55

Title

JS - Crash on unexpected HTTP server response

Summary

The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-690 - Unchecked Return Value to NULL Pointer Dereference
CWE-476 - NULL Pointer Dereference

Assigner

Zabbix

References

URL

Tags

https://support.zabbix.com/browse/ZBX-25625

Impacted products

	Vendor	Product	Version
	Zabbix	Zabbix	Affected: 7.0.0 , ≤ 7.0.3rc1 (git)

Date Public ?

2024-10-30 11:36

Credits

Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42329",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:55:49.394112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:55:58.417Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.0.4rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.3rc1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform."
        }
      ],
      "datePublic": "2024-10-30T11:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd-\u0026gt;error will be NULL and trying to read from it will result in a crash."
            }
          ],
          "value": "The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd-\u003eerror will be NULL and trying to read from it will result in a crash."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-215",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-215 Fuzzing for application mapping"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-690",
              "description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T12:05:21.915Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-25625"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JS - Crash on unexpected HTTP server response",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2024-42329",
    "datePublished": "2024-11-27T12:05:21.915Z",
    "dateReserved": "2024-07-30T08:27:36.132Z",
    "dateUpdated": "2024-11-27T14:55:58.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-3562

CVE-2024-42330 (GCVE-0-2024-42330)

CVE-2024-42328 (GCVE-0-2024-42328)

CVE-2024-42327 (GCVE-0-2024-42327)

CVE-2024-36468 (GCVE-0-2024-36468)

CVE-2024-42331 (GCVE-0-2024-42331)

CVE-2024-42326 (GCVE-0-2024-42326)

CVE-2024-36464 (GCVE-0-2024-36464)

CVE-2024-36466 (GCVE-0-2024-36466)

CVE-2024-42333 (GCVE-0-2024-42333)

CVE-2024-42332 (GCVE-0-2024-42332)

CVE-2024-42329 (GCVE-0-2024-42329)

Tags

Sightings

Nomenclature