Lucene search

Ubuntu.comUB:CVE-2023-29449

HistoryJul 13, 2023 - 12:00 a.m.

CVE-2023-29449

2023-07-1300:00:00

ubuntu.com

javascript preprocessing

webhooks

global scripts

cpu utilization

memory utilization

disk i/o utilization

administrative roles

security risk

system control

limited access

unix

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.0%

JSON

JavaScript preprocessing, webhooks and global scripts can cause
uncontrolled CPU, memory, and disk I/O utilization.
Preprocessing/webhook/global script configuration and testing are only
available to Administrative roles (Admin and Superadmin). Administrative
privileges should be typically granted to users who need to perform tasks
that require more control over the system. The security risk is limited
because not all users have this level of access.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchzabbix< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	zabbix	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2023-29449

nvd.nist.gov/vuln/detail/CVE-2023-29449

security-tracker.debian.org/tracker/CVE-2023-29449

support.zabbix.com/browse/ZBX-22589

www.cve.org/CVERecord?id=CVE-2023-29449

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.0%

JSON

Related for UB:CVE-2023-29449