Maris Melnikovs

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to incorrect code generation control in the Zabbix monitoring system. It allows a remote attacker to execute arbitrary code. Setting SMS media allows configuring a GSM modem file, which is later used as a Linux device. However, since everything is a file in Linux, it is possible to configure another file, such as a log file, and the zabbix server will attempt to communicate with it as a modem. As a result, the log file will be broken with AT commands, and a small part of the log file content will be leaked to the UI. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the front-end audit log, which allows viewing of unprotected plaintext passwords. These passwords are displayed in plain text, potentially enabling a remote attacker to gain access to confidential information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix Agent versions prior to 7.0.0rc2 **Description** The issue is related to improper permission storage in the Zabbix Agent application. This can allow an attacker to elevate their privileges. A non-admin user can change or remove important features within the application, thus impacting its integrity and availability. **Recommendations** For versions prior to 7.0.0rc2, upgrade the affected components immediately to mitigate the risk. As a temporary workaround, consider restricting access to sensitive features within the Zabbix Agent application to prevent unauthorized changes.

Name of the Vulnerable Software and Affected Versions: Zabbix server versions 6.0.0 through 6.0.27 Zabbix server versions 6.4.0 through 6.4.12 Zabbix server versions 7.0.0alpha1 through 7.0.0beta1 Description: The Zabbix server is vulnerable to a time-based SQL injection attack due to the "clientip" field not being sanitized. This allows an attacker to inject SQL into the "clientip" field and exploit the vulnerability. The attack can lead to privilege escalation from user to admin and, in some cases, remote code execution. The vulnerability is related to the execution of configured scripts and the addition of audit entries to the "Audit Log". Recommendations: For Zabbix server versions 6.0.0 through 6.0.27, update to version 6.0.28rc1 or later. For Zabbix server versions 6.4.0 through 6.4.12, update to version 6.4.13rc1 or later. For Zabbix server versions 7.0.0alpha1 through 7.0.0beta1, update to version 7.0.0beta2 or later. As a temporary workaround, consider disabling the execution of configured scripts until a patch is available. Restrict access to the "Audit Log" to minimize the risk of exploitation. Avoid using the "clientip" field in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions (affected versions not specified) **Description** The issue is related to the incorrect handling of security prefixes in cookie names, specifically the `zbx session` cookie, which can allow a remote attacker to elevate their privileges. When testing or executing scheduled reports, the website configured in the URL widget receives a session cookie, which can then be used to access the frontend as a particular user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to incorrect permission assignment for a critical resource in the Zabbix universal monitoring system agent. This can allow a remote attacker to execute arbitrary code. A request to LDAP is sent before user permissions are checked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Go versions prior to 1.21 Zabbix (affected versions not specified) **Description** The issue concerns the improper handling of backticks in Javascript template literals within Go templates, potentially allowing for the injection of arbitrary Javascript code. Additionally, there is a vulnerability related to incorrect code generation management in the Zabbix universal monitoring system agent, which could enable a remote attacker to execute arbitrary code. **Recommendations** For Go versions prior to 1.21, consider using the GODEBUG flag jstmpllitinterp=1 to re-enable the previous behavior, but be aware that backticks will be escaped, and use this with caution. For Zabbix, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions (affected versions not specified) Duktape version 2.6 **Description** The issue is related to an unverified array indexing in the Duktape component of the Zabbix monitoring system. This can lead to a denial of service when exploited by a remote attacker. The problem occurs due to a bug in Duktape 2.6, which is a third-party embeddable JavaScript engine used for its portability and compact footprint. When too many values are added to the valstack in JavaScript, it will crash. **Recommendations** For Duktape version 2.6, consider disabling the use of the valstack in JavaScript until a patch is available. As a temporary workaround, restrict the number of values that can be added to the valstack to prevent JavaScript from crashing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the lack of protection for the web page structure in Zabbix, allowing an attacker to access and compromise confidential data. Specifically, the geomap configuration permits the use of HTML in the "Attribution text" field when the "Other" Tile provider is selected. This could potentially be exploited by a remote attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to reflected XSS attacks, which occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, sent as a request to a website with a vulnerability that enables execution of malicious scripts. This vulnerability is associated with a lack of protection for the web page structure, potentially allowing a remote attacker to access and compromise confidential data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the URL validation scheme in Zabbix, which receives input from a user and parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards. However, exploitation of this issue may allow a remote attacker to access confidential data and compromise its integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to a lack of protection of the web page structure in Zabbix, allowing a remote attacker to access and compromise confidential data. This is a reflected XSS attack, also known as a non-persistent attack, where a malicious script is reflected off a web application to the victim's browser. The script is activated through a link that sends a request to a website with a vulnerability that enables the execution of malicious scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to stored or persistent cross-site scripting (XSS), where an attacker sends a payload to a web application, which then saves the payload and unintentionally executes it for every visiting victim. This can allow a remote attacker to access and compromise confidential data. The vulnerability is also associated with a lack of protection for the web page structure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.