Vulnerability CVE-2022-35229: Information
Description
An authenticated user can create a link with reflected JavaScript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.
Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
zabbix | sisyphus | 4.0.0-alt1 | 6.0.29-alt1 | ALT-PU-2018-2422-1 | 214129 | Fixed |
zabbix | sisyphus_e2k | 5.4.9-alt1 | 6.0.29-alt1 | ALT-PU-2021-4721-1 | - | Fixed |
zabbix | p10 | 5.4.3-alt1 | 6.0.29-alt0.p10.1 | ALT-PU-2021-2668-1 | 283498 | Fixed |
zabbix | p10_e2k | 5.4.9-alt1 | 6.0.29-alt0.p10.1 | ALT-PU-2021-4717-1 | - | Fixed |
zabbix | p9 | 4.0.0-alt1 | 5.0.12-alt0.p9.1 | ALT-PU-2018-2422-1 | 214129 | Fixed |
zabbix | c10f1 | 5.4.3-alt1 | 6.0.27-alt0.c10f1.1 | ALT-PU-2021-2668-1 | 283498 | Fixed |
zabbix | c9f2 | 5.0.38-alt1 | 5.0.40-alt1 | ALT-PU-2023-6268-3 | 329847 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
N/A | |
[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update | |
[debian-lts-announce] 20230822 [SECURITY] [DLA 3538-1] zabbix security update | |