[Git][security-tracker-team/security-tracker][master] CVE-2024-36465/zabbix - only 7.0.x is affected

Fri, 18 Apr 2025 08:31:52 -0700 


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b26d6ab9 by Tobias Frost at 2025-04-18T17:31:30+02:00
CVE-2024-36465/zabbix - only 7.0.x is affected

The feature "groupBy" has been introduced with 7.0.0alpha3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6134,11 +6134,14 @@ CVE-2024-39780 (A YAML deserialization vulnerability 
was found in the Robot Oper
        NOTE: Fixed by: 
https://github.com/ros/dynamic_reconfigure/commit/9975cc8b55b3039115da6662cc7279cc65303844
 CVE-2024-36469 (Execution time for an unsuccessful login differs when using a 
non-exis ...)
        - zabbix 1:7.0.9+dfsg-1
-       NOTE: https://support.zabbix.com/browse/ZBX-26255
+       NOTE: https://support.zabbix.com/browse/ZBX-2625
 CVE-2024-36465 (A low privilege (regular) Zabbix user with API access can use 
SQL inje ...)
        - zabbix 1:7.0.9+dfsg-1
+       [bookworm] - zabbix <not-affected> (Vulnerable code introduced later)
+       [bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
        NOTE: https://support.zabbix.com/browse/ZBX-26257
        NOTE: Fixed by 
https://github.com/zabbix/zabbix/commit/529eec6957abff2f687c39219fa7a4a739d094c1
 (7.0.8rc2)
+       NOTE: "groupBy" feature introduced with 
https://github.com/zabbix/zabbix/commit/8a4e40ca6ff3b6be5c4144aaabf25cba315f5f4c
 (7.0.0alpha3)
 CVE-2024-13941 (A vulnerability was found in ouch-org ouch up to 0.3.1. It has 
been cl ...)
        NOT-FOR-US: ouch-org ouch
 CVE-2023-46988 (Path Traversal vulnerability in ONLYOFFICE Document Server 
before v8.0 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b26d6ab91e95084d24fe212f0bb9106eba20ea7b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b26d6ab91e95084d24fe212f0bb9106eba20ea7b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to