Zabbix Security Advisories and CVE database

How to report a security issue?

| Zabbix ID | CVE number | CVSS score | Zabbix severity | Synopsis | Component/s | Affected version/s | Published |
|---|---|---|---|---|---|---|---|
| ZBV-2022-12-1 | CVE-2022-43516 | 6.5 | Medium | Zabbix Agent installer adds “allow all TCP any any” firewall rule | Agent, Agent2 | MSI pkg. (29.oct.22 - 2.dec.22) | 01-01-1 |
| ZBA-2022-10-1 | - | - | High | Some Zabbix products are affected by CVE-2022-3786 and CVE-2022-3602 vulnerabilities in OpenSSL | Agent, Containers, Packages | <=v6.0.8 (Solaris), all versions <=31/Oct/2022 | 2022 Oct 31 |
| ZBV-2022-10-1 | CVE-2022-43515 | 5.3 | Medium | X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode | Frontend | 4.0.0-4.0.44, 5.0.0-5.0.29, 6.0.0-6.0.9, 6.2.0-6.2.4 | 2022 Oct 18 |
| ZBV-2022-09-1 | CVE-2022-46768 | 5.9 | Medium | File name information disclosure vulnerability in Zabbix Web Service Report Generation | Report generation | 6.0.0-6.0.11, 6.2.0-6.2.5 | 2022 Sep 21 |
| ZBA-2022-07-1 | - | - | - | Zabbix products are not affected by CVE-2022-2068 vulnerability in OpenSSL | - | - | 2022 Jul 26 |
| ZBV-2022-07-1 | CVE-2022-40626 | 4.8 | Medium | Reflected XSS in action configuration window of Zabbix Frontend | Frontend | 6.0.0-6.0.6, 6.2.0 | 2022 Jul 08 |
| ZBV-2022-04-1 | CVE-2022-35229 | 3.7 | Low | Reflected XSS in discovery page of Zabbix Frontend | Frontend | =>4.0.0, 5.0.0-5.0.24, 6.0.0-6.0.4, 6.2alpha1-6.2beta3 | 2022 Apr 27 |
| ZBV-2022-04-2 | CVE-2022-35230 | 3.7 | Low | Reflected XSS in graphs page of Zabbix Frontend | Frontend | =>4.0.23rc1, 5.0.0-5.0.24 | 2022 Apr 27 |
| ZBA-2022-04-1 | - | - | - | Zabbix products are not affected by vulnerabilities in Spring Framework (CVE-2022-22965 - Spring4Shell) and Spring Cloud Function (CVE-2022-22963) | - | - | 2022 Apr 04 |
| ZBA-2022-03-1 | - | - | - | Zabbix products are not affected by CVE-2018-25032 vulnerability in zlib 1.2.11 | - | - | 2022 Mar 28 |
| ZBV-2022-01-2 | CVE-2022-24917 | 3.7 | Low | Reflected XSS in service configuration window of Zabbix Frontend | Frontend | 4.0.0-4.0.38, 5.0.0-5.0.20, 5.4.0-5.4.10 | 2022 Feb 02 |
| ZBV-2022-01-3 | CVE-2022-24918 | 3.7 | Low | Reflected XSS in item configuration window of Zabbix Frontend | Frontend | 5.0.0-5.0.20, 5.4.0-5.4.10, 6.0 | 2022 Feb 02 |
| ZBV-2022-01-1 | CVE-2022-24349 | 4.6 | Medium | Reflected XSS in action configuration window of Zabbix Frontend | Frontend | 4.0.0-4.0.38, 5.0.0-5.0.20, 5.4.0-5.4, 6.0 | 2022 Feb 01 |
| ZBV-2022-01-4 | CVE-2022-24919 | 3.7 | Low | Reflected XSS in graph configuration window of Zabbix Frontend | Frontend | 4.0.0-4.0.38, 5.0.0-5.0.20, 5.4.0-5.4.10, 6.0 | 2022 Feb 01 |
| ZBV-2021-12-2 | CVE-2022-23134 | 3.7 | Low | Possible view of the setup pages by unauthenticated users if config file already exists | Frontend | 5.4.0 - 5.4.8, 6.0.0 - 6.0.0beta1 | 2021 Dec 20 |
| ZBA-2021-12-4 | - | - | Medium | Possible remote code execution in Zabbix Java Gateway with logback 1.2.7 and prior versions | Java gateway | 2.0-2.X, 3.0-3.X, 4.0.0 - 4.0.36, 5.0.18, 5.4.0 -5.4.8, 6.0.0alpha1-6.0.0beta1 | 2021 Dec 16 |
| ZBV-2021-12-3 | CVE-2022-23133 | 6.3 | Medium | Stored XSS in host groups configuration window in Zabbix Frontend | Frontend | 5.0.0 – 5.0.18, 5.4.0 – 5.4.8, 6.0.0alpha1 | 2021 Dec 08 |
| ZBV-2021-12-5 | CVE-2022-23132 | 3.3 | Low | Incorrect permissions of [/var/run/zabbix] forces dac_override | Proxy, Server | 4.0.0 - 4.0.36, 5.0.18, 5.4.0 – 5.4.8, 6.0.0alpha1-6.0.0alpha7 | 2021 Dec 01 |
| ZBV-2021-11-1 | CVE-2022-23131 | 9.1 | Critical | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | Frontend | 5.4.0 - 5.4.8, 6.0.0alpha1 | 2021 Nov 22 |

Whole history of vulnerabilities