CVE-2023-29449

MEDIUM severity · CVSS 5.9 · Uncontrolled resource consumption

5.9CVSS MEDIUM

Summary

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.

Impact & exploitability

Attack vectorNetwork

Attack complexityHigh

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactNone

Availability impactHigh

Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

Zabbix

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
https://support.zabbix.com/browse/ZBX-22589Advisory
https://support.zabbix.com/browse/ZBX-22589Advisory
https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html