PT-2023-9379 · Zabbix+3 · Zabbix+3

Vjaceslavs Bogdanovs

Publicado

2023-01-06

Atualizado

2024-12-10

CVE-2023-29449

CVSS v2.0

6.1

Média

Vetor

AV:N/AC:L/Au:M/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description The issue is related to uncontrolled CPU, memory, and disk I/O utilization caused by JavaScript preprocessing, webhooks, and global scripts. This can be exploited to cause a denial of service. The security risk is limited because configuration and testing of these scripts are only available to Administrative roles, such as Admin and Superadmin.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-400

Identificadores relacionados

ALT-PU-2023-6268

BDU:2024-06939

CVE-2023-29449

DLA-3909-1

ROSA-SA-2024-2539

Produtos afetados

Alt Linux

Astra Linux

Debian

Zabbix

PT-2023-9379 · Zabbix+3 · Zabbix+3

CVE-2023-29449

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 100