Unauthorized limited filesystem access from preprocessing
CVE-2023-29450

8.5HIGH

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 13 July 2023

What is CVE-2023-29450?

A security flaw in Zabbix Server and Proxy allows attackers to exploit JavaScript pre-processing to gain read-only access to the filesystem as the user 'zabbix'. This access can be leveraged to obtain sensitive information, raising significant privacy and security concerns.

Affected Version(s)

Zabbix 5.0 <= 5.0.31

Zabbix 6.0 <= 6.0.13

Zabbix 6.2 <= 6.2.7

References

https://support.zabbix.com/browse/ZBX-22588

https://lists.debian.org/debian-lts-announce/2023/08/msg0...

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Apr 6, 2023