Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistZabbixCVELIST:CVE-2023-29456
HistoryJul 13, 2023 - 9:33 a.m.

CVE-2023-29456 Inefficient URL schema validation

2023-07-1309:33:32
CWE-20
Zabbix
www.cve.org
6
url validation
input parsing
internet standards.

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Frontend"
    ],
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "vendor": "Zabbix",
    "versions": [
      {
        "changes": [
          {
            "at": "4.0.47rc1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.0.46",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "5.0.36rc1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.0.35",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.0.19rc1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.0.18",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.4.4rc1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.4.3",
        "status": "affected",
        "version": "6.4.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "7.0.0alpha2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.0.0alpha1 ",
        "status": "affected",
        "version": "7.0.0alpha1",
        "versionType": "git"
      }
    ]
  }
]

Related

debiancve 1
nvd 1
cve 1
ubuntucve 1
prion 1
nessus 1
osv 1
openvas 1
debian 1
debiancve
debiancve
CVE-2023-29456
2023-07-13 10:15:09
nvd
nvd
CVE-2023-29456
2023-07-13 10:15:09
cve
cve
CVE-2023-29456
2023-07-13 10:15:09
ubuntucve
ubuntucve
CVE-2023-29456
2023-07-13 00:00:00
prion
prion
Input validation
2023-07-13 10:15:00
nessus
nessus
Debian DLA-3538-1 : zabbix - LTS security update
2023-08-22 00:00:00
osv
osv
zabbix - security update
2023-08-22 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3538-1)
2023-08-22 00:00:00
debian
debian
[SECURITY] [DLA 3538-1] zabbix security update
2023-08-22 13:22:21

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON
Related for CVELIST:CVE-2023-29456
debiancve1nvd1cve1ubuntucve1prion1nessus1osv1openvas1debian1