CVE-2023-29450

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29450

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29450.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29450

Downstream

DEBIAN-CVE-2023-29450

DLA-3538-1

DLA-3909-1

SUSE-SU-2023:3029-1

UBUNTU-CVE-2023-29450

Related

SUSE-SU-2023:3029-1

Published

2023-07-13T09:15:09Z

Modified

2025-10-16T05:47:27.270740Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type: GIT
Repo: https://github.com/zabbix/zabbix
Events: Introduced

5203d2ea7d901cd33d148f20586e2155901a7faa

Last affected

287da69c170e558394a71648411fec6b80ff91ab

Affected versions

6.*

6.0.0

6.0.1

6.0.10

6.0.10rc1

6.0.10rc2

6.0.11

6.0.11rc1

6.0.11rc2

6.0.12

6.0.12rc1

6.0.12rc2

6.0.13

6.0.13rc1

6.0.14

6.0.14rc1

6.0.14rc2

6.0.15

6.0.15rc1

6.0.15rc2

6.0.1rc1

6.0.1rc2

6.0.1rc3

6.0.1rc4

6.0.2

6.0.2rc1

6.0.3

6.0.3rc1

6.0.4

6.0.4rc1

6.0.5

6.0.5rc1

6.0.6

6.0.6rc1

6.0.7

6.0.7rc1

6.0.8

6.0.8rc1

6.0.8rc2

6.0.9

6.0.9rc1

6.0.9rc2