
Big_John

Researcher from HackerOne
#38875 of 53,632
7.1 Total CVSS
Vulnerabilities · 1
PT-2026-27473
7.1
2026-03-24
Zabbix · Zabbix · CVE-2026-23919
**Name of the Vulnerable Software and Affected Versions**

Zabbix versions prior to 7.4

**Description**

A design flaw in Zabbix Server/Proxy related to JavaScript (Duktape) context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they are not authorized to access. The issue stems from the way JavaScript contexts are handled during script item processing, JavaScript preprocessing, and Webhooks. A fix has been implemented to make built-in Zabbix JavaScript objects read-only, but the use of global JavaScript variables is discouraged as their content could still be exposed.

**Recommendations**

Update to Zabbix version 7.4 or later. Avoid using global JavaScript variables.
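
The following is an added illustration of why the advisory discourages global variables even after built-in objects are made read-only; it is not Zabbix code and not part of the advisory. It assumes Node's `vm` module as a stand-in for a reused Duktape context, and `builtin`, the script bodies and the sample values are constructed for the example.

```javascript
// Added example: Node's vm module stands in for a reused Duktape context.
const vm = require('vm');

// One long-lived context shared by every script run (the design at issue).
function makeSharedContext() {
  // `builtin` is a hypothetical built-in object, frozen to mirror the fix.
  return vm.createContext({ builtin: Object.freeze({ mode: 'constructed' }) });
}

// Run one script body in the context with a per-item input value.
function runScript(ctx, body, value) {
  return vm.runInContext(`(function (value) { ${body} })`, ctx)(value);
}

// Names of globals a script left behind, relative to a baseline snapshot.
function leakedGlobals(ctx, baseline) {
  return Object.keys(ctx).filter((name) => !baseline.includes(name));
}

// Constructed script bodies: the first two differ only in `var`.
const UNSAFE = 'lastValue = value; return value.length;';   // implicit global
const SAFE = 'var lastValue = value; return value.length;'; // function-local
const READER = "return typeof lastValue === 'undefined' ? null : lastValue;";
const TAMPER = "builtin.mode = 'changed'; return builtin.mode;";

// Process host A's item, then host B's, in the same reused context.
function simulate(hostAScript) {
  const ctx = makeSharedContext();
  const baseline = Object.keys(ctx);
  runScript(ctx, hostAScript, 'hostA-constructed-secret');
  return {
    seenByHostB: runScript(ctx, READER, 'hostB-constructed-value'),
    leaked: leakedGlobals(ctx, baseline),
    builtinMode: runScript(ctx, TAMPER, ''),
  };
}

console.log('global variable:', simulate(UNSAFE));
console.log('local variable: ', simulate(SAFE));
```

The `leakedGlobals` comparison can double as a review check for existing scripts: any name it reports is state that outlives the run that created it.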