UBUNTU-CVE-2024-22120

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-22120

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-22120.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-22120

Related

CVE-2024-22120

Published

2024-05-17T10:15:00Z

Modified

2024-12-18T16:34:48Z

Summary

[none]

Details

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

References

Affected packages

Ubuntu:Pro:14.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.0.6+dfsg-1ubuntu2

1:2.2.0+dfsg-1ubuntu1

1:2.2.0+dfsg-6ubuntu1

1:2.2.1+dfsg-1ubuntu3

1:2.2.2+dfsg-1ubuntu1

1:2.2.2+dfsg-1ubuntu1+esm1

1:2.2.2+dfsg-1ubuntu1+esm3

1:2.2.2+dfsg-1ubuntu1+esm4

1:2.2.2+dfsg-1ubuntu1+esm5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.4.6+dfsg-1

1:2.4.7+dfsg-1

1:2.4.7+dfsg-2

1:2.4.7+dfsg-2ubuntu2

1:2.4.7+dfsg-2ubuntu2.1

1:2.4.7+dfsg-2ubuntu2.1+esm1

1:2.4.7+dfsg-2ubuntu2.1+esm2

1:2.4.7+dfsg-2ubuntu2.1+esm3

1:2.4.7+dfsg-2ubuntu2.1+esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.0.7+dfsg-3

1:3.0.12+dfsg-1

1:3.0.12+dfsg-1ubuntu0.1~esm1

1:3.0.12+dfsg-1ubuntu0.1~esm2

1:3.0.12+dfsg-1ubuntu0.1~esm3

1:3.0.12+dfsg-1ubuntu0.1~esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.0.4+dfsg-1build2

1:4.0.4+dfsg-1build3

1:4.0.11+dfsg-1

1:4.0.14+dfsg-1

1:4.0.15+dfsg-1

1:4.0.16+dfsg-1

1:4.0.16+dfsg-1build1

1:4.0.17+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:5.*

1:5.0.8+dfsg-1build1

1:5.0.14+dfsg-1

1:5.0.17+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*

1:6.0.29+dfsg-1

1:7.*

1:7.0.0+dfsg-1

1:7.0.0+dfsg-2

1:7.0.1+dfsg-1

1:7.0.2+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}