{"id": "PACKETSTORM:160362", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Zabbix 5.0.0 Cross Site Scripting", "description": "", "published": "2020-12-04T00:00:00", "modified": "2020-12-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://packetstormsecurity.com/files/160362/Zabbix-5.0.0-Cross-Site-Scripting.html", "reporter": "Shwetabh Vishnoi", "references": [], "cvelist": ["CVE-2020-15803"], "lastseen": "2020-12-04T15:07:19", "viewCount": 895, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-15803"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2311-1:2A274", "DEBIAN:DLA-2311-1:CEA88", "DEBIAN:DLA-2631-1:51D29"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15803"]}, {"type": "exploitdb", "idList": ["EDB-ID:49202"]}, {"type": "fedora", "idList": ["FEDORA:674923295160", "FEDORA:7F34934E3FFA"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2311.NASL", "DEBIAN_DLA-2631.NASL", "FEDORA_2020-02CF7850CA.NASL", "FEDORA_2020-519516FEEC.NASL", "OPENSUSE-2020-1604.NASL", "OPENSUSE-2022-0036-1.NASL", "SUSE_SU-2020-2251-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1604-1", "OPENSUSE-SU-2022:0036-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15803"]}], "rev": 4}, "score": {"value": 4.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-15803"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2311-1:2A274"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15803"]}, {"type": "exploitdb", "idList": ["EDB-ID:49202"]}, {"type": "fedora", "idList": ["FEDORA:674923295160", "FEDORA:7F34934E3FFA"]}, {"type": "nessus", "idList": ["FEDORA_2020-02CF7850CA.NASL", "FEDORA_2020-519516FEEC.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1604-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15803"]}]}, "exploitation": null, "vulnersScore": 4.6}, "sourceHref": 
"https://packetstormsecurity.com/files/download/160362/zabbix500-xss.txt", "sourceData": "`# Exploit Title: Zabbix 5.0.0 - Stored XSS via URL Widget Iframe \n# Date: 8/11/2020 \n# Exploit Author: Shwetabh Vishnoi \n# Vendor Homepage: https://www.zabbix.com/ \n# Software Link: https://www.zabbix.com/download \n# Affected Version: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 \n# CVE : CVE-2020-15803 \n \nAffected URL/endpoint(s): \nhttp://192.168.1.7/zabbix.php?sid=f7ca8c8270ce38c7&action=dashboard.widget.check \n \nAffected Param: <iframe src=\"http://localhost/hello.html\" scrolling=\"auto\" \nid=\"iframe\" class=\"widget-url\" width=\"100%\" height=\"100%\"></iframe> \n \nDescription: The application contains a widget functionality within Global \nView Dashboard which can be used by a malicious admin to propagate stored \ncross site scripting attack. The \u201cURL\u201d widget iframe does not have any \ninbuilt restrictions for the content executing within. \n \nImpact: The malicious webpages within iframes can be used for hosting forms \nfor Phishing, malware propagation, forced redirections etc. \n \nThe affected Global View dashboard is displayed to all the users of the \napplication, so all the users will be affected with this vulnerability. \n \nReproduction Steps: \n1. Login to the application with Admin \n2. In Global View Dashboard, Add a widget \n3. Select Type \u2013 \u201cURL\u201d, fill any random values for Name, Refresh Interval. \n4. Now, in the URL parameter, enter a malicious URL. \n5. For demo purpose, I have hosted a web server on my machine and hosted a webpage http://localhost/hello.html. (Alternatively, you can use \u201c http://14.rs\u201d to display popups.) \n6. The malicious webpage containing payload will be executed on the dashboard via iFrame. \n7. The executed content can redirect the user to a malicious page (We have used Bing page for redirection). 
\n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645857485}}
{"debian": [{"lastseen": "2022-01-04T14:51:29", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2311-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nAugust 3, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : zabbix\nVersion : 1:3.0.7+dfsg-3+deb9u1\nCVE ID : CVE-2020-15803\nDebian Bug : #966146\n\nIt was discovered that there was a potential cross-site scripting\nvulnerability via iframe HTML elements in Zabbix, a PHP-based\nmonitoring system.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n1:3.0.7+dfsg-3+deb9u1.\n\nWe recommend that you upgrade your zabbix packages.\n\nFor the detailed security status of zabbix please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/zabbix\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-08-03T15:05:45", "type": "debian", "title": "[SECURITY] [DLA 2311-1] zabbix security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2020-08-03T15:05:45", "id": "DEBIAN:DLA-2311-1:2A274", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T11:18:48", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2311-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nAugust 3, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : zabbix\nVersion : 1:3.0.7+dfsg-3+deb9u1\nCVE ID : CVE-2020-15803\nDebian Bug : #966146\n\nIt was discovered that there was a potential cross-site scripting\nvulnerability via iframe HTML elements in Zabbix, a PHP-based\nmonitoring system.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n1:3.0.7+dfsg-3+deb9u1.\n\nWe recommend that you upgrade your zabbix packages.\n\nFor the detailed security status of zabbix please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/zabbix\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-08-03T15:05:45", "type": "debian", "title": "[SECURITY] [DLA 
2311-1] zabbix security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2020-08-03T15:05:45", "id": "DEBIAN:DLA-2311-1:CEA88", "href": "https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T10:23:35", "description": "From: Sylvain Beucler <beuc@beuc.net>\nTo: debian-lts-announce@lists.debian.org\nSubject: [SECURITY] [DLA 2631-1] zabbix security update\n\n- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2631-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ \nApril 21, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : zabbix\nVersion : 1:3.0.32+dfsg-0+deb9u1\nCVE ID : CVE-2019-15132 CVE-2020-15803\nDebian Bug : 935027 966146\n\nMultiple vulnerabilities were discovered in Zabbix, a network\nmonitoring solution. An attacker may enumerate valid users and\nredirect to external links through the zabbix web frontend.\n\nCVE-2019-15132\n\n Zabbix allows User Enumeration. With login requests, it is\n possible to enumerate application usernames based on the\n variability of server responses (e.g., the "Login name or password\n is incorrect" and "No permissions for system access" messages, or\n just blocking for a number of seconds). 
This affects both\n api_jsonrpc.php and index.php.\n\nCVE-2020-15803\n\n Zabbix allows stored XSS in the URL Widget. This fix was\n mistakenly dropped in previous upload 1:3.0.31+dfsg-0+deb9u1.\n\nThis update also includes several other bug fixes and\nimprovements. For more information please refer to the upstream\nchangelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:3.0.32+dfsg-0+deb9u1.\n\nWe recommend that you upgrade your zabbix packages.\n\nFor the detailed security status of zabbix please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/zabbix\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-04-21T14:41:32", "type": "debian", "title": "[SECURITY] [DLA 2631-1] zabbix security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15132", "CVE-2020-15803"], "modified": "2021-04-21T14:41:32", "id": "DEBIAN:DLA-2631-1:51D29", "href": 
"https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:25:42", "description": "Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before\n4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-07-17T00:00:00", "type": "ubuntucve", "title": "CVE-2020-15803", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2020-07-17T00:00:00", "id": "UB:CVE-2020-15803", "href": "https://ubuntu.com/security/CVE-2020-15803", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T13:58:18", "description": "Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-07-17T03:15:00", "type": "cve", "title": "CVE-2020-15803", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2021-04-21T17:15:00", "cpe": ["cpe:/a:zabbix:zabbix:5.0.2", "cpe:/a:zabbix:zabbix:4.0.22", "cpe:/a:zabbix:zabbix:4.4.9", "cpe:/a:zabbix:zabbix:5.0.1", "cpe:/a:zabbix:zabbix:3.0.32", "cpe:/a:zabbix:zabbix:3.0.31", "cpe:/a:zabbix:zabbix:4.0.21", "cpe:/a:zabbix:zabbix:4.4.10"], "id": "CVE-2020-15803", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15803", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:zabbix:zabbix:5.0.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:5.0.2:-:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:4.0.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:4.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:4.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:4.4.10:-:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:4.4.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:3.0.32:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:4.0.22:-:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2021-12-14T17:54:20", "description": "Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 
4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-07-17T03:15:00", "type": "debiancve", "title": "CVE-2020-15803", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2020-07-17T03:15:00", "id": "DEBIANCVE:CVE-2020-15803", "href": "https://security-tracker.debian.org/tracker/CVE-2020-15803", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. 
All Zabbix reports and statistics, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-07-28T15:03:33", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: zabbix-4.0.22-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2020-07-28T15:03:33", "id": "FEDORA:674923295160", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. 
Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistics, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-07-30T17:53:43", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: zabbix-4.0.22-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2020-07-30T17:53:43", "id": "FEDORA:7F34934E3FFA", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2022-05-23T16:17:55", "description": "Update to 4.0.22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Fedora 31 : 1:zabbix (2020-519516feec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15803"], "modified": "2020-08-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:zabbix", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-519516FEEC.NASL", "href": "https://www.tenable.com/plugins/nessus/139102", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-519516feec.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139102);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/03\");\n\n script_cve_id(\"CVE-2020-15803\");\n script_xref(name:\"FEDORA\", value:\"2020-519516feec\");\n\n script_name(english:\"Fedora 31 : 1:zabbix (2020-519516feec)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 4.0.22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically 
clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-519516feec\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"zabbix-4.0.22-1.fc31\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:zabbix\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-23T16:23:00", "description": "This update for zabbix fixes the following issues :\n\nAdd patches to fix bsc#1174253 (CVE-2020-15803)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-08-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : zabbix (SUSE-SU-2020:2251-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15803"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:zabbix-agent", "p-cpe:/a:novell:suse_linux:zabbix-agent-debuginfo", "p-cpe:/a:novell:suse_linux:zabbix-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2251-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139658", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2251-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139658);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2020-15803\");\n\n script_name(english:\"SUSE SLES12 Security Update : zabbix (SUSE-SU-2020:2251-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for zabbix fixes the following issues :\n\nAdd patches to fix bsc#1174253 (CVE-2020-15803)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15803/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202251-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e02774b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2251=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15803\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zabbix-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zabbix-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:zabbix-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/17\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"zabbix-agent-4.0.12-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"zabbix-agent-debuginfo-4.0.12-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"zabbix-debugsource-4.0.12-4.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-23T16:17:00", "description": "Update to 4.0.22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Fedora 32 : 1:zabbix (2020-02cf7850ca)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15803"], "modified": "2020-08-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:zabbix", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-02CF7850CA.NASL", "href": "https://www.tenable.com/plugins/nessus/139100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-02cf7850ca.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139100);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/03\");\n\n script_cve_id(\"CVE-2020-15803\");\n 
script_xref(name:\"FEDORA\", value:\"2020-02cf7850ca\");\n\n script_name(english:\"Fedora 32 : 1:zabbix (2020-02cf7850ca)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 4.0.22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-02cf7850ca\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"zabbix-4.0.22-1.fc32\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:zabbix\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-23T16:24:11", "description": "It was discovered that there was a potential cross-site scripting vulnerability via iframe HTML elements in Zabbix, a PHP-based monitoring system.\n\nFor Debian 9 'Stretch', this problem has been fixed in version 1:3.0.7+dfsg-3+deb9u1.\n\nWe recommend that you upgrade your zabbix packages.\n\nFor the detailed security status of zabbix please refer to its 
security tracker page at:\nhttps://security-tracker.debian.org/tracker/zabbix\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-08-04T00:00:00", "type": "nessus", "title": "Debian DLA-2311-1 : zabbix security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15803"], "modified": "2020-08-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:zabbix-agent", "p-cpe:/a:debian:debian_linux:zabbix-frontend-php", "p-cpe:/a:debian:debian_linux:zabbix-java-gateway", "p-cpe:/a:debian:debian_linux:zabbix-proxy-mysql", "p-cpe:/a:debian:debian_linux:zabbix-proxy-pgsql", "p-cpe:/a:debian:debian_linux:zabbix-proxy-sqlite3", "p-cpe:/a:debian:debian_linux:zabbix-server-mysql", "p-cpe:/a:debian:debian_linux:zabbix-server-pgsql", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2311.NASL", "href": "https://www.tenable.com/plugins/nessus/139297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2311-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139297);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/06\");\n\n script_cve_id(\"CVE-2020-15803\");\n\n script_name(english:\"Debian DLA-2311-1 : zabbix security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was a potential cross-site scripting\nvulnerability via iframe HTML elements in Zabbix, a PHP-based\nmonitoring system.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n1:3.0.7+dfsg-3+deb9u1.\n\nWe recommend that you upgrade your zabbix packages.\n\nFor the detailed security status of zabbix please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/zabbix\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/zabbix\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/zabbix\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-frontend-php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-java-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-proxy-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-proxy-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-proxy-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-server-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-server-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-agent\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-frontend-php\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-java-gateway\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-proxy-mysql\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-proxy-pgsql\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-proxy-sqlite3\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-server-mysql\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-server-pgsql\", reference:\"1:3.0.7+dfsg-3+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-02-19T12:17:00", "description": "This update for zabbix fixes the following issues :\n\nUpdated to version 3.0.31.\n\n + CVE-2020-15803: Fixed an XSS in the URL Widget (boo#1174253).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : zabbix (openSUSE-2020-1604)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11800", "CVE-2020-15803"], "modified": "2020-10-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:zabbix-agent", "p-cpe:/a:novell:opensuse:zabbix-agent-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-bash-completion", "p-cpe:/a:novell:opensuse:zabbix-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-debugsource", "p-cpe:/a:novell:opensuse:zabbix-java-gateway", "p-cpe:/a:novell:opensuse:zabbix-phpfrontend", "p-cpe:/a:novell:opensuse:zabbix-proxy", "p-cpe:/a:novell:opensuse:zabbix-proxy-mysql", "p-cpe:/a:novell:opensuse:zabbix-proxy-mysql-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-proxy-postgresql", "p-cpe:/a:novell:opensuse:zabbix-proxy-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-proxy-sqlite", "p-cpe:/a:novell:opensuse:zabbix-proxy-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-server", "p-cpe:/a:novell:opensuse:zabbix-server-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-server-mysql", "p-cpe:/a:novell:opensuse:zabbix-server-mysql-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-server-postgresql", "p-cpe:/a:novell:opensuse:zabbix-server-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:zabbix-server-sqlite", "p-cpe:/a:novell:opensuse:zabbix-server-sqlite-debuginfo", "cpe:/o:novell:opensuse:15.1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1604.NASL", "href": 
"https://www.tenable.com/plugins/nessus/141167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1604.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141167);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/21\");\n\n script_cve_id(\"CVE-2020-11800\", \"CVE-2020-15803\");\n\n script_name(english:\"openSUSE Security Update : zabbix (openSUSE-2020-1604)\");\n script_summary(english:\"Check for the openSUSE-2020-1604 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for zabbix fixes the following issues :\n\nUpdated to version 3.0.31.\n\n + CVE-2020-15803: Fixed an XSS in the URL Widget\n (boo#1174253).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174253\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected zabbix packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11800\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-agent-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-java-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-phpfrontend\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-sqlite\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:zabbix-server-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-agent-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-agent-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-bash-completion-3.0.31-lp151.2.6.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.1\", reference:\"zabbix-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-debugsource-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-java-gateway-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-phpfrontend-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-proxy-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-proxy-mysql-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-proxy-mysql-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-proxy-postgresql-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-proxy-postgresql-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-proxy-sqlite-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-proxy-sqlite-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-mysql-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-mysql-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-postgresql-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-postgresql-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-sqlite-3.0.31-lp151.2.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"zabbix-server-sqlite-debuginfo-3.0.31-lp151.2.6.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-agent-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-agent-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-bash-completion-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-debugsource-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-java-gateway-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-phpfrontend-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-proxy-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-proxy-mysql-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-proxy-mysql-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-proxy-postgresql-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-proxy-postgresql-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-proxy-sqlite-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-proxy-sqlite-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-mysql-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-mysql-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-postgresql-3.0.31-lp152.2.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-postgresql-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-sqlite-3.0.31-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"zabbix-server-sqlite-debuginfo-3.0.31-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix-agent / zabbix-agent-debuginfo / zabbix-bash-completion / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-23T15:42:36", "description": "Multiple vulnerabilities were discovered in Zabbix, a network monitoring solution. An attacker may enumerate valid users and redirect to external links through the zabbix web frontend.\n\nCVE-2019-15132\n\nZabbix allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the 'Login name or password is incorrect' and 'No permissions for system access' messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.\n\nCVE-2020-15803\n\nZabbix allows stored XSS in the URL Widget. 
This fix was mistakenly dropped in previous upload 1:3.0.31+dfsg-0+deb9u1.\n\nThis update also includes several other bug fixes and improvements.\nFor more information please refer to the upstream changelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version 1:3.0.32+dfsg-0+deb9u1.\n\nWe recommend that you upgrade your zabbix packages.\n\nFor the detailed security status of zabbix please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/zabbix\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "Debian DLA-2631-1 : zabbix security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15132", "CVE-2020-15803"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:zabbix-agent", "p-cpe:/a:debian:debian_linux:zabbix-frontend-php", "p-cpe:/a:debian:debian_linux:zabbix-java-gateway", "p-cpe:/a:debian:debian_linux:zabbix-proxy-mysql", "p-cpe:/a:debian:debian_linux:zabbix-proxy-pgsql", "p-cpe:/a:debian:debian_linux:zabbix-proxy-sqlite3", "p-cpe:/a:debian:debian_linux:zabbix-server-mysql", "p-cpe:/a:debian:debian_linux:zabbix-server-pgsql", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2631.NASL", "href": "https://www.tenable.com/plugins/nessus/148926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2631-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148926);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2019-15132\", \"CVE-2020-15803\");\n\n script_name(english:\"Debian DLA-2631-1 : zabbix security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities were discovered in Zabbix, a network\nmonitoring solution. An attacker may enumerate valid users and\nredirect to external links through the zabbix web frontend.\n\nCVE-2019-15132\n\nZabbix allows User Enumeration. With login requests, it is possible to\nenumerate application usernames based on the variability of server\nresponses (e.g., the 'Login name or password is incorrect' and 'No\npermissions for system access' messages, or just blocking for a number\nof seconds). This affects both api_jsonrpc.php and index.php.\n\nCVE-2020-15803\n\nZabbix allows stored XSS in the URL Widget. This fix was mistakenly\ndropped in previous upload 1:3.0.31+dfsg-0+deb9u1.\n\nThis update also includes several other bug fixes and improvements.\nFor more information please refer to the upstream changelog file.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:3.0.32+dfsg-0+deb9u1.\n\nWe recommend that you upgrade your zabbix packages.\n\nFor the detailed security status of zabbix please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/zabbix\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/zabbix\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/zabbix\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15132\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-frontend-php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-java-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-proxy-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-proxy-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-proxy-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zabbix-server-mysql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:zabbix-server-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-agent\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-frontend-php\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-java-gateway\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-proxy-mysql\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-proxy-pgsql\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-proxy-sqlite3\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"zabbix-server-mysql\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"zabbix-server-pgsql\", reference:\"1:3.0.32+dfsg-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-29T17:47:01", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0036-1 advisory.\n\n - Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. (CVE-2020-15803)\n\n - In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges. (CVE-2021-27927)\n\n - After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. 
(CVE-2022-23134)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2022-02-17T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : zabbix (openSUSE-SU-2022:0036-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15803", "CVE-2021-27927", "CVE-2022-23134"], "modified": "2022-02-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:zabbix-agent", "p-cpe:/a:novell:opensuse:zabbix-java-gateway", "p-cpe:/a:novell:opensuse:zabbix-phpfrontend", "p-cpe:/a:novell:opensuse:zabbix-proxy", "p-cpe:/a:novell:opensuse:zabbix-proxy-mysql", "p-cpe:/a:novell:opensuse:zabbix-proxy-postgresql", "p-cpe:/a:novell:opensuse:zabbix-proxy-sqlite", "p-cpe:/a:novell:opensuse:zabbix-server", "p-cpe:/a:novell:opensuse:zabbix-server-mysql", "p-cpe:/a:novell:opensuse:zabbix-server-postgresql", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158130", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0036-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158130);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/23\");\n\n script_cve_id(\"CVE-2020-15803\", \"CVE-2021-27927\", \"CVE-2022-23134\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/08\");\n\n script_name(english:\"openSUSE 15 Security Update : zabbix (openSUSE-SU-2022:0036-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0036-1 advisory.\n\n - Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before\n 5.0.2rc1 allows stored XSS in the URL Widget. (CVE-2020-15803)\n\n - In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and\n 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection\n mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker\n doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact\n information of an existing user with sufficient privileges. (CVE-2021-27927)\n\n - After the initial setup process, some steps of setup.php file are reachable not only by super-\n administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially\n change the configuration of Zabbix Frontend. 
(CVE-2022-23134)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1144018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194681\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EDFZEEJCPRPPDEWV6JULRJZVSQCMYOEY/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f2eadef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23134\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27927\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-java-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-phpfrontend\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-proxy-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:zabbix-server-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'zabbix-agent-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-java-gateway-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-phpfrontend-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-proxy-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-proxy-mysql-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-proxy-postgresql-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-proxy-sqlite-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-server-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'zabbix-server-mysql-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'zabbix-server-postgresql-4.0.37-lp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'zabbix-agent / zabbix-java-gateway / zabbix-phpfrontend / zabbix-proxy / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2022-05-13T17:42:04", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-12-04T00:00:00", "type": "exploitdb", "title": "Zabbix 5.0.0 - Stored XSS via URL Widget Iframe", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803"], "modified": "2020-12-04T00:00:00", "id": "EDB-ID:49202", "href": "https://www.exploit-db.com/exploits/49202", "sourceData": "# Exploit Title: Zabbix 5.0.0 - Stored XSS via URL Widget Iframe\r\n# Date: 8/11/2020\r\n# Exploit Author: Shwetabh Vishnoi\r\n# Vendor Homepage: https://www.zabbix.com/\r\n# Software Link: https://www.zabbix.com/download\r\n# Affected Version: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1\r\n# CVE : CVE-2020-15803\r\n\r\nAffected URL/endpoint(s):\r\nhttp://192.168.1.7/zabbix.php?sid=f7ca8c8270ce38c7&action=dashboard.widget.check\r\n\r\nAffected Param: <iframe src=\"http://localhost/hello.html\" scrolling=\"auto\"\r\nid=\"iframe\" class=\"widget-url\" width=\"100%\" height=\"100%\"></iframe>\r\n\r\nDescription: The application contains a widget functionality within Global\r\nView Dashboard which can be used by a malicious admin to propagate stored\r\ncross site scripting attack. The \u201cURL\u201d widget iframe does not have any\r\ninbuilt restrictions for the content executing within.\r\n\r\nImpact: The malicious webpages within iframes can be used for hosting forms\r\nfor Phishing, malware propagation, forced redirections etc.\r\n\r\nThe affected Global View dashboard is displayed to all the users of the\r\napplication, so all the users will be affected with this vulnerability.\r\n\r\nReproduction Steps:\r\n1. Login to the application with Admin\r\n2. In Global View Dashboard, Add a widget\r\n3. 
Select Type \u2013 \u201cURL\u201d, fill any random values for Name, Refresh Interval.\r\n4. Now, in the URL parameter, enter a malicious URL.\r\n5. For demo purpose, I have hosted a web server on my machine and hosted a webpage http://localhost/hello.html. (Alternatively, you can use \u201c http://14.rs\u201d to display popups.)\r\n6. The malicious webpage containing payload will be executed on the dashboard via iFrame.\r\n7. The executed content can redirect the user to a malicious page (We have used Bing page for redirection).", "sourceHref": "https://www.exploit-db.com/download/49202", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2022-04-18T12:40:59", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for zabbix fixes the following issues:\n\n Updated to version 3.0.31.\n\n + CVE-2020-15803: Fixed an XSS in the URL Widget (boo#1174253).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1604=1\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1604=1\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-1604=1\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-1604=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-04T00:00:00", "type": "suse", "title": "Security update for zabbix 
(moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11800", "CVE-2020-15803"], "modified": "2020-10-04T00:00:00", "id": "OPENSUSE-SU-2020:1604-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4C6KYLGA3MCY6Q5OM7ZL6563XFHY2RTB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:45", "description": "An update that solves three vulnerabilities and has two\n fixes is now available.\n\nDescription:\n\n This update for zabbix fixes the following issues:\n\n - Updated to latest release 4.0.37.\n\n Security issues fixed:\n\n - CVE-2022-23134: Fixed possible view of the setup pages by\n unauthenticated users if config file already exists (boo#1194681).\n - CVE-2021-27927: Fixed CSRF protection mechanism inside\n CControllerAuthenticationUpdate controller (boo#1183014).\n - CVE-2020-15803: Fixed stored XSS in the URL Widget (boo#1174253).\n\n Bugfixes:\n\n - boo#1181400: Added hardening to systemd service(s)\n - boo#1144018: Restructured for easier maintenance because FATE#324346\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-2022-36=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-16T00:00:00", "type": "suse", "title": "Security update for zabbix (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803", "CVE-2021-27927", "CVE-2022-23134"], "modified": "2022-02-16T00:00:00", "id": "OPENSUSE-SU-2022:0036-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EDFZEEJCPRPPDEWV6JULRJZVSQCMYOEY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-14T11:58:12", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n - Mozilla Thunderbird 91.4.1\n - CVE-2021-4126: OpenPGP signature status doesn't consider additional\n message content. (bsc#1194215)\n - CVE-2021-44538: Matrix chat library libolm bundled with Thunderbird\n vulnerable to a buffer overflow. 
(bsc#1194020)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-58=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-58=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-01T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15803", "CVE-2021-27927", "CVE-2021-4126", "CVE-2021-44538", "CVE-2022-23134"], "modified": "2022-03-01T00:00:00", "id": "OPENSUSE-SU-2022:0058-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IYLYDAWECDCB5OVO4PC6XIHVIX2I3JAB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}