[Git][security-tracker-team/security-tracker][master] CVE-2024-42328/zabbix not affecting bullseye
Tobias Frost (@tobi)
tobi at debian.org
Fri Dec 6 18:22:10 GMT 2024
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32601600 by Tobias Frost at 2024-12-06T19:21:39+01:00
CVE-2024-42328/zabbix not affecting bullseye
vulnerable feature, webdriver, is a new feature of Zabbix 7.0
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1726,10 +1726,12 @@ CVE-2024-42329 (The webdriver for the Browser object expects an error object to
[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-25625
NOTE: Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/65c4acee83191158522bc75552912fdce2cac9da (7.0.4rc1)
- NOTE: webdriver.c introduced with vesion 7.0.0rc1 commit https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b
+ NOTE: webdriver introduced with vesion 7.0.0rc1 commit https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b
CVE-2024-42328 (When the webdriver for the Browser object downloads data from a HTTP s ...)
- zabbix <unfixed> (bug #1088689)
+ [bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-25624
+ NOTE: webdriver introduced with vesion 7.0.0rc1 commit https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b
CVE-2024-42327 (A non-admin user account on the Zabbix frontend with the default User ...)
- zabbix 1:7.0.1+dfsg-1 (bug #1088689)
NOTE: https://support.zabbix.com/browse/ZBX-25623
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32601600c13813ea09d2cbf4d15b0d2b192f0c1b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32601600c13813ea09d2cbf4d15b0d2b192f0c1b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241206/ec9f3fd0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list