Zabbix Security Advisories and CVE database

How to report a security issue?

| Zabbix ID | CVE number | CVSS score | Zabbix severity | Synopsis | Component/s | Affected version/s | Published |
|---|---|---|---|---|---|---|---|
| ZBA-2022-04-1 | - | - | - | Zabbix products are not affected by vulnerabilities in Spring Framework (CVE-2022-22965 - Spring4Shell) and Spring Cloud Function (CVE-2022-22963) | - | - | 2022 Apr 04 |
| ZBA-2022-03-1 | - | - | - | Zabbix products are not affected by CVE-2018-25032 vulnerability in zlib 1.2.11 | - | - | 2022 Mar 28 |
| ZBV-2022-01-2 | CVE-2022-24917 | 3.7 | Low | Reflected XSS in service configuration window of Zabbix Frontend | Frontend | 4.0.0-4.0.38, 5.0.0-5.0.20, 5.4.0-5.4.10 | 2022 Feb 02 |
| ZBV-2022-01-3 | CVE-2022-24918 | 3.7 | Low | Reflected XSS in item configuration window of Zabbix Frontend | Frontend | 5.0.0-5.0.20, 5.4.0-5.4.10, 6.0 | 2022 Feb 02 |
| ZBV-2022-01-1 | CVE-2022-24349 | 4.6 | Medium | Reflected XSS in action configuration window of Zabbix Frontend | Frontend | 4.0.0-4.0.38, 5.0.0-5.0.20, 5.4.0-5.4, 6.0 | 2022 Feb 01 |
| ZBV-2022-01-4 | CVE-2022-24919 | 3.7 | Low | Reflected XSS in graph configuration window of Zabbix Frontend | Frontend | 4.0.0-4.0.38, 5.0.0-5.0.20, 5.4.0-5.4.10, 6.0 | 2022 Feb 01 |
| ZBV-2021-12-2 | CVE-2022-23134 | 3.7 | Low | Possible view of the setup pages by unauthenticated users if config file already exists | Frontend | 5.4.0 - 5.4.8, 6.0.0 - 6.0.0beta1 | 2021 Dec 20 |
| ZBA-2021-12-4 | - | - | Medium | Possible remote code execution in Zabbix Java Gateway with logback 1.2.7 and prior versions | Java gateway | 2.0-2.X, 3.0-3.X, 4.0.0 - 4.0.36, 5.0.18, 5.4.0 -5.4.8, 6.0.0alpha1-6.0.0beta1 | 2021 Dec 16 |
| ZBV-2021-12-3 | CVE-2022-23133 | 6.3 | Medium | Stored XSS in host groups configuration window in Zabbix Frontend | Frontend | 5.0.0 – 5.0.18, 5.4.0 – 5.4.8, 6.0.0alpha1 | 2021 Dec 08 |
| ZBV-2021-12-5 | CVE-2022-23132 | 3.3 | Low | Incorrect permissions of [/var/run/zabbix] forces dac_override | Proxy, Server | 4.0.0 - 4.0.36, 5.0.18, 5.4.0 – 5.4.8, 6.0.0alpha1-6.0.0alpha7 | 2021 Dec 01 |
| ZBV-2021-11-1 | CVE-2022-23131 | 9.1 | Critical | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | Frontend | 5.4.0 - 5.4.8, 6.0.0alpha1 | 2021 Nov 22 |

Whole history of vulnerabilities