CVE-2023-29449

2023-07-1309:15:09

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-29449

security risk

administrative roles

configuration

testing

resource utilization

unix

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.

OSVersionArchitecturePackageVersionFilename
Debian12allzabbix<= 1:6.0.14+dfsg-1zabbix_1:6.0.14+dfsg-1_all.deb
Debian11allzabbix<= 1:5.0.8+dfsg-1zabbix_1:5.0.8+dfsg-1_all.deb
Debian999allzabbix< 1:6.0.23+dfsg-1zabbix_1:6.0.23+dfsg-1_all.deb
Debian13allzabbix< 1:6.0.23+dfsg-1zabbix_1:6.0.23+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	zabbix	<= 1:6.0.14+dfsg-1	zabbix_1:6.0.14+dfsg-1_all.deb
Debian	11	all	zabbix	<= 1:5.0.8+dfsg-1	zabbix_1:5.0.8+dfsg-1_all.deb
Debian	999	all	zabbix	< 1:6.0.23+dfsg-1	zabbix_1:6.0.23+dfsg-1_all.deb
Debian	13	all	zabbix	< 1:6.0.23+dfsg-1	zabbix_1:6.0.23+dfsg-1_all.deb