Zabbix
by Zabbix
Source repositories
CVEs (118)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-29452 | 0.00 | — | 0.62 | Jul 13, 2023 | Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. | |||
| CVE-2023-29451 | 0.00 | — | 0.01 | Jul 13, 2023 | Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | |||
| CVE-2023-29450 | 0.00 | — | 0.01 | Jul 13, 2023 | JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | |||
| CVE-2023-29449 | 0.00 | — | 0.01 | Jul 13, 2023 | JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should… | |||
| CVE-2022-46768 | 0.00 | — | 0.48 | Dec 19, 2022 | Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files. | |||
| CVE-2022-43515 | 0.00 | — | 0.01 | Dec 12, 2022 | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be… | |||
| CVE-2022-40626 | 0.00 | — | 0.01 | Sep 14, 2022 | An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | |||
| CVE-2022-35230 | 0.00 | — | 0.01 | Jul 6, 2022 | An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. | |||
| CVE-2022-35229 | 0.00 | — | 0.01 | Jul 6, 2022 | An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. | |||
| CVE-2022-24919 | 0.00 | — | 0.01 | Mar 9, 2022 | An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code… | |||
| CVE-2022-24917 | 0.00 | — | 0.01 | Mar 9, 2022 | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious… | |||
| CVE-2022-24349 | 0.00 | — | 0.01 | Mar 9, 2022 | An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to… | |||
| CVE-2021-46088 | 0.00 | — | 0.04 | Jan 27, 2022 | Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user. | |||
| CVE-2022-23133 | 0.00 | — | 0.01 | Jan 13, 2022 | An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire… | |||
| CVE-2022-23132 | 0.00 | — | 0.01 | Jan 13, 2022 | During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level | |||
| CVE-2021-27927 | 0.00 | — | 0.01 | Mar 3, 2021 | In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the… | |||
| CVE-2020-15803 | 0.00 | — | 0.32 | Jul 17, 2020 | Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. | |||
| CVE-2013-7484 | 0.00 | — | 0.01 | Nov 30, 2019 | Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |||
| CVE-2019-15132 | 0.00 | — | 0.02 | Aug 17, 2019 | Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just… | |||
| CVE-2016-10742 | 0.00 | — | 0.03 | Feb 17, 2019 | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. |
- CVE-2023-29452Jul 13, 2023risk 0.00cvss —epss 0.62
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
- CVE-2023-29451Jul 13, 2023risk 0.00cvss —epss 0.01
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
- CVE-2023-29450Jul 13, 2023risk 0.00cvss —epss 0.01
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
- CVE-2023-29449Jul 13, 2023risk 0.00cvss —epss 0.01
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should…
- CVE-2022-46768Dec 19, 2022risk 0.00cvss —epss 0.48
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.
- CVE-2022-43515Dec 12, 2022risk 0.00cvss —epss 0.01
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be…
- CVE-2022-40626Sep 14, 2022risk 0.00cvss —epss 0.01
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
- CVE-2022-35230Jul 6, 2022risk 0.00cvss —epss 0.01
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
- CVE-2022-35229Jul 6, 2022risk 0.00cvss —epss 0.01
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
- CVE-2022-24919Mar 9, 2022risk 0.00cvss —epss 0.01
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code…
- CVE-2022-24917Mar 9, 2022risk 0.00cvss —epss 0.01
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious…
- CVE-2022-24349Mar 9, 2022risk 0.00cvss —epss 0.01
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to…
- CVE-2021-46088Jan 27, 2022risk 0.00cvss —epss 0.04
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user.
- CVE-2022-23133Jan 13, 2022risk 0.00cvss —epss 0.01
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire…
- CVE-2022-23132Jan 13, 2022risk 0.00cvss —epss 0.01
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
- CVE-2021-27927Mar 3, 2021risk 0.00cvss —epss 0.01
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the…
- CVE-2020-15803Jul 17, 2020risk 0.00cvss —epss 0.32
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
- CVE-2013-7484Nov 30, 2019risk 0.00cvss —epss 0.01
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
- CVE-2019-15132Aug 17, 2019risk 0.00cvss —epss 0.02
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just…
- CVE-2016-10742Feb 17, 2019risk 0.00cvss —epss 0.03
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
Page 5 of 6