[Git][security-tracker-team/security-tracker][master] Triaging CVE-2024-423277/zabbix

Tobias Frost (@tobi) tobi at debian.org
Sun Dec 1 17:55:04 GMT 2024



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e29946b2 by Tobias Frost at 2024-12-01T18:53:44+01:00
Triaging CVE-2024-423277/zabbix

Upstream ticket ZBX-25623 refers to DEV-3776 ("fixed SQL injection in
user.get API")

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -488,6 +488,7 @@ CVE-2024-42328 (When the webdriver for the Browser object downloads data from a
 CVE-2024-42327 (A non-admin user account on the Zabbix frontend with the default User  ...)
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25623
+	NOTE: fixed in 6.0.32rc1 by https://github.com/zabbix/zabbix/commit/39ff97dbf6f229a1b9c4f38db061aa73dd680828 (6.0.x)
 CVE-2024-42326 (There was discovered a use after free bug in browser.c in the es_brows ...)
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25622
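
Review bot: the added NOTE under CVE-2024-42327 covers only the 6.0.x branch (6.0.32rc1), and the package line above it stays `- zabbix <unfixed>`. If other upstream branches carry the same fix, add one NOTE per branch with its commit and first fixed version, so each suite's status can be decided from the entry. The NOTE could also name DEV-3776, since the commit message relies on that reference to tie the upstream commit to ZBX-25623. Separately, the commit subject reads CVE-2024-423277, which does not match the CVE-2024-42327 entry edited here, so a search of the history by CVE id will miss this commit.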



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e29946b229251ddcea67d9118ab0bf995efe903c
