Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2023-32721: zabbix: A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Boris Manojlovic <boris> |
| Status: | CONFIRMED --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | abergmann, boris, gabriele.sonnu |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/381645/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
SMASH SMASH
2023-10-13 13:11:50 UTC
https://support.zabbix.com/browse/ZBX-23389

Affected version/s and fix version/s:

* 4.0.0 - 4.0.47 / 4.0.48rc1
* 5.0.0 - 5.0.36 / 5.0.37rc1
* 6.0.0 - 6.0.20 / 6.0.21rc1
* 6.4.0 - 6.4.5 / 6.4.6rc1
* 7.0.0alpha1 - 7.0.0alpha3 / 7.0.0alpha4

The maintained SUSE code stream is only used to publish the zabbix-agent, therefore SLE-12 is not affected.

SUSE:SLE-12-SP3:Update zabbix-4.0.12

The maintained openSUSE version is 4.0.47 and needs to be fixed.

openSUSE:Backports:SLE-15-SP5 zabbix-4.0.47
openSUSE:Backports:SLE-15-SP6 zabbix-4.0.47

The openSUSE:Backports:SLE-15-SP6 could still be updated to a higher version. It's still possible to submit to the GA branch.

@Boris: Could you prepare a submission?

(In reply to Alexander Bergmann from comment #2)
> @Boris: Could you prepare a submission?

It is in the pipeline now, waiting to be pushed: https://build.opensuse.org/request/show/1118376