Known Vulnerabilities
CVE-2023-32725
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
CRITICAL
CVSS 9.6
Published Dec 18, 2023
CVE-2023-32724
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.
CRITICAL
CVSS 9.1
Published Oct 12, 2023
CVE-2023-32722
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
CRITICAL
CVSS 9.6
Published Oct 12, 2023
CVE-2023-32721
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
HIGH
CVSS 7.6
Published Oct 12, 2023