Manual Changes to System Map Element URL ID Can Prevent URL Addition
CVE-2024-22117

2.2LOW

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 26 November 2024

What is CVE-2024-22117?

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

Affected Version(s)

Zabbix 5,0,0 <= 5.0.43

Zabbix 6.0.0 <= 6.0.33

Zabbix 6.4.0 <= 6.4.18

References

https://support.zabbix.com/browse/ZBX-25610

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Jan 5, 2024

Credit

Zabbix wants to thank prasetia (prasetia) for submitting this report on the HackerOne bug bounty platform