Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: c7631825 by Tobias Frost at 2024-01-23T18:59:00+01:00 CVE-2023-32728/zabbix (buster) vulnerable code introduced later. Vulnerable feature was introduced with this ticket: https://support.zabbix.com/browse/ZBXNEXT-6339 Quote: > Available in: > > 5.0.9rc1 1ee48854146 > 5.2.5rc1 68cf640f12d > 5.4.0alpha2 (master) 434243ef35a - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6419,6 +6419,7 @@ CVE-2023-33214 (Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox NOT-FOR-US: WordPress plugin CVE-2023-32728 (The Zabbix Agent 2 item key smart.disk.get does not sanitize its param ...) - zabbix 1:6.0.24+dfsg-1 + [buster] - zabbix <not-affected> (Vulnerable code introduced later) NOTE: https://support.zabbix.com/browse/ZBX-23858 NOTE: https://github.com/zabbix/zabbix/commit/51ee1af626f93c1656ee2e37aa3d611b0292c1d8 (6.0.24rc1) NOTE: https://github.com/zabbix/zabbix/commit/f4557473616f455eefe8f303721b4cec473ece4c (6.0.24rc1) @@ -6427,6 +6428,7 @@ CVE-2023-32728 (The Zabbix Agent 2 item key smart.disk.get does not sanitize its NOTE: https://github.com/zabbix/zabbix/commit/09fa80bb16b094e4c17c036868c817f411efe4a0 (6.0.24rc1) NOTE: https://github.com/zabbix/zabbix/commit/7c00b48ab998066962e5275efa50007cb72ea1ac (6.0.24rc1) NOTE: https://github.com/zabbix/zabbix/commit/245fbae6039ebfbd720ab33c0349c82bae242fc9 (6.0.24rc1) + NOTE: Vulnerable feature introduced with version 5.0.9rc1 resp. 5.4.0alpha2 https://support.zabbix.com/browse/ZBXNEXT-6339 CVE-2023-32727 (An attacker who has the privilege to configure Zabbix items can use fu ...) - zabbix 1:6.0.23+dfsg-1 NOTE: https://support.zabbix.com/browse/ZBX-23857 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7631825c06eb9331e5fcc22abdf7fe9e749b7cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7631825c06eb9331e5fcc22abdf7fe9e749b7cb You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits