CVE-2023-29449

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-29449
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29449.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-29449
Related
Published
2023-07-13T09:15:09Z
Modified
2024-10-03T19:58:44.002483Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.

References

Affected packages

Debian:11 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:5.0.44+dfsg-1+deb11u1

Affected versions

1:5.*

1:5.0.8+dfsg-1
1:5.0.14+dfsg-1~bpo11+1
1:5.0.14+dfsg-1
1:5.0.17+dfsg-1~bpo11+1
1:5.0.17+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*

1:6.0.14+dfsg-1
1:6.0.23+dfsg-1~bpo12+1
1:6.0.23+dfsg-1
1:6.0.24+dfsg-1
1:6.0.25+dfsg-1
1:6.0.29+dfsg-1

1:7.*

1:7.0.0+dfsg-1
1:7.0.0+dfsg-2~bpo12+1
1:7.0.0+dfsg-2
1:7.0.1+dfsg-1~bpo12+1
1:7.0.1+dfsg-1
1:7.0.2+dfsg-1~bpo12+1
1:7.0.2+dfsg-1
1:7.0.3+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:6.0.23+dfsg-1

Affected versions

1:6.*

1:6.0.14+dfsg-1
1:6.0.23+dfsg-1~bpo12+1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Last affected
088a1524edba40df60dee1c6586ed76b383fef99
Last affected
2aeaf5a6e708bb09765e740d90350e03e481fd35
Last affected
4c51ce43a90365f004baaf8b1a830f53086fe429
Last affected
515ced75ff1b4ca50626eadad9d994cdc6747e00
Last affected
53ee8cba0ce8b64fa10ba82792a69a9827ff4436
Last affected
5e063aebfeac28041f7b0e03e07e5738a9f0def9
Last affected
89049fb719637a7b6d6be4244b226b3ea8cc96a7
Last affected
8c156f34f9bc4a3b225feddf792a6c48b8cfc14d
Last affected
a01f5df47bf7288479c0337705649ed341e4bf7a
Introduced
546e284fd7cb04459496bb98ddb6b7c6dab455ec
Last affected
a749236b3d987a11903715deb39eb89ea1f1d8cf
Last affected
cd4d8eca4c872c495d3b27f9f6ba9fa96fce5e04
Last affected
f64a07aefcab6c007cb6415333457e07c2db0d56
Introduced
5203d2ea7d901cd33d148f20586e2155901a7faa
Last affected
fdfa8cef9ceeaf2c6dbb5ded5a220de4afd87fe0

Affected versions

6.*

6.0.0
6.0.1
6.0.10
6.0.10rc1
6.0.10rc2
6.0.11
6.0.11rc1
6.0.11rc2
6.0.12
6.0.12rc1
6.0.12rc2
6.0.13
6.0.13rc1
6.0.1rc1
6.0.1rc2
6.0.1rc3
6.0.1rc4
6.0.2
6.0.2rc1
6.0.3
6.0.3rc1
6.0.4
6.0.4rc1
6.0.5
6.0.5rc1
6.0.6
6.0.6rc1
6.0.7
6.0.7rc1
6.0.8
6.0.8rc1
6.0.8rc2
6.0.9
6.0.9rc1
6.0.9rc2
6.4.0alpha1
6.4.0beta1
6.4.0beta2
6.4.0beta3
6.4.0beta4
6.4.0beta5
6.4.0beta6
6.4.1