[Git][security-tracker-team/security-tracker][master] CVE-2024-22120/zabbix is not affecting bullseye,
Tobias Frost (@tobi)
tobi at debian.org
Sun Sep 29 18:05:43 BST 2024
Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7336c6e by Tobias Frost at 2024-09-29T19:04:38+02:00
CVE-2024-22120/zabbix is not affecting bullseye,
vulernable code introduced later, with commit
https://github.com/zabbix/zabbix/commit/6c276d866d3f96689609d70c5893cfff8cac7cd6
first seen in upstream tag 6.0.0alpha1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35208,6 +35208,7 @@ CVE-2024-22139 (Authentication Bypass by Spoofing vulnerability in Filipe Seabra
NOT-FOR-US: WordPress plugin
CVE-2024-22120 (Zabbix server can perform command execution for configured scripts. Af ...)
- zabbix 1:6.0.29+dfsg-1 (bug #1072120)
+ [bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
[buster] - zabbix <not-affected> (Vulnerable code introduced later)
NOTE: https://support.zabbix.com/browse/ZBX-24505
NOTE: fixed by https://github.com/zabbix/zabbix/commit/9013ff74985e40aee6b58e2ed67675b87cab0879 (7.0.0beta2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7336c6ecf44bd2a121769ead6ce68ceecc9dd0e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7336c6ecf44bd2a121769ead6ce68ceecc9dd0e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240929/d956c8a3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list