Lucene search

GoogleOSV:CVE-2023-29449

HistoryJul 13, 2023 - 9:15 a.m.

CVE-2023-29449

2023-07-1309:15:09

Google

osv.dev

javascript preprocessing

webhooks

global scripts

cpu utilization

memory utilization

disk i/o utilization

administrative roles

administrative privileges

security risk

system access

software

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.

CPENameOperatorVersion
zabbixeq6.0.11
zabbixeq6.0.9rc1
zabbixeq6.0.11rc2
zabbixeq6.0.1rc3
zabbixeq6.0.1
zabbixeq6.0.13
zabbixeq6.0.4rc1
zabbixeq6.4.0beta1
zabbixeq6.0.10rc2
zabbixeq6.0.12

Name	Operator	Version
zabbix	eq	6.0.11
zabbix	eq	6.0.9rc1
zabbix	eq	6.0.11rc2
zabbix	eq	6.0.1rc3
zabbix	eq	6.0.1
zabbix	eq	6.0.13
zabbix	eq	6.0.4rc1
zabbix	eq	6.4.0beta1
zabbix	eq	6.0.10rc2
zabbix	eq	6.0.12

Rows per page:

1-10 of 431

References

support.zabbix.com/browse/ZBX-22589

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

Related for OSV:CVE-2023-29449