CVE-2024-36463

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 7.0.2

Description: The issue is related to the implementation of atob in "Zabbix JS", which allows creating a string with arbitrary content to access internal properties of objects. This can potentially lead to data exposure. The vulnerability is associated with access to a critical private variable through a public method, which can be exploited by a remote attacker to impact the integrity of protected information.

Recommendations: For versions prior to 7.0.2, upgrade Zabbix to a newer version to mitigate the risk of data exposure. As a temporary workaround, consider restricting access to the atob method in "Zabbix JS" to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-767

Related Identifiers

ALT-PU-2024-16527

ALT-PU-2024-16638

ALT-PU-2025-3400

BDU:2024-10864

CVE-2024-36463

DLA-3909-1

Affected Products

Alt Linux

Astra Linux

Debian

Red Os

Zabbix

Zabbix Js

CVE-2024-36463

Weakness Enumeration

Related Identifiers

Affected Products

References · 25