PT-2024-9092 · Zabbix+4 · Zabbix+4

Vjaceslavs Bogdanovs

Published

2024-11-27

Updated

2025-10-08

CVE-2024-42330

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified)

Description: The issue is related to the use of uncontrolled format strings when processing HttpRequest objects, which can allow a remote attacker to gain unauthorized access to protected information. The problem lies in the fact that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript, allowing the creation of internal strings that can be used to access hidden properties of objects.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

ALT-PU-2024-16527

ALT-PU-2024-16638

ALT-PU-2025-3400

BDU:2024-10774

CVE-2024-42330

DLA-3984-1

Affected Products

Alt Linux

Astra Linux

Debian

Red Os

Zabbix

PT-2024-9092 · Zabbix+4 · Zabbix+4

CVE-2024-42330

Weakness Enumeration

Related Identifiers

Affected Products

References · 32