Overview
- Description
- JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
- Source
- security@zabbix.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F04570DF-A096-42C3-B16D-1B134B009F3D",
"versionEndIncluding": "5.0.33"
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "221530A4-AB8C-434C-BB41-F5A5E98317B4",
"versionEndIncluding": "6.0.15",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FB7A41B-6B72-4A37-8A30-AA23BADAE942",
"versionEndIncluding": "6.4.1",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5B6F1C5-A8C8-4F4B-848C-5585523280E0",
"versionEndIncluding": "6.4.4",
"versionStartIncluding": "6.4.3"
}
],
"operator": "OR"
}
]
}
]