Bugzilla – Bug 1216222
VUL-0: CVE-2023-32721: zabbix: A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
Last modified: 2023-10-17 21:05:31 UTC
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32721
https://support.zabbix.com/browse/ZBX-23389

Affected version/s and fix version/s:
* 4.0.0 - 4.0.47 / 4.0.48rc1
* 5.0.0 - 5.0.36 / 5.0.37rc1
* 6.0.0 - 6.0.20 / 6.0.21rc1
* 6.4.0 - 6.4.5 / 6.4.6rc1
* 7.0.0alpha1 - 7.0.0alpha3 / 7.0.0alpha4

The maintained SUSE code stream is only used to publish the zabbix-agent, therefore SLE-12 is not affected.

SUSE:SLE-12-SP3:Update zabbix-4.0.12

The maintained openSUSE version is 4.0.47 and needs to be fixed.

openSUSE:Backports:SLE-15-SP5 zabbix-4.0.47
openSUSE:Backports:SLE-15-SP6 zabbix-4.0.47

The openSUSE:Backports:SLE-15-SP6 could still be updated to a higher version. It's still possible to submit to the GA branch.
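The description above says the URL field becomes exploitable when spaces precede the URL. As an added illustration (not Zabbix code and not part of this report), the JavaScript below contrasts a hypothetical validator that inspects the raw string with one that parses the value the way a browser does before allowlisting the scheme. The function names, base URL and sample inputs are constructed for the example.

```javascript
// Added example: hypothetical validators, not taken from Zabbix.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Weak form: looks for a scheme only at the very first character of the raw
// string and treats anything without one as a harmless relative URL.
function naiveIsSafe(raw) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(raw);
  return m === null || ALLOWED_SCHEMES.has(m[1].toLowerCase() + ':');
}

// Hardened form: parse first, then allowlist. WHATWG URL parsing (used by
// browsers and by Node's URL class) strips leading and trailing C0 control
// characters and spaces and removes tabs/newlines, so the scheme checked here
// is the scheme a browser would act on. Relative URLs resolve against a
// constructed placeholder base.
function strictIsSafe(raw) {
  let parsed;
  try {
    parsed = new URL(raw, 'https://frontend.example.invalid/');
  } catch {
    return false; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Constructed sample inputs (benign payload body).
const SAMPLES = [
  'https://monitor.example.invalid/map',
  'reports/latest?id=1',
  'javascript:void(0)',
  '   javascript:void(0)',
  '\tjava\nscript:void(0)',
];

// Returns one row per sample with the verdict of each validator.
function compare() {
  return SAMPLES.map((raw) => ({
    raw,
    naive: naiveIsSafe(raw),
    strict: strictIsSafe(raw),
  }));
}

console.log(JSON.stringify(compare(), null, 2));
```

The last two samples pass the raw-string check and fail the parsed check, which is the gap a whitespace prefix opens.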
@Boris: Could you prepare a submission?
(In reply to Alexander Bergmann from comment #2)
> @Boris: Could you prepare a submission?

It is in the pipeline now, waiting to be pushed:
https://build.opensuse.org/request/show/1118376