Defect (Security)
Resolution: Fixed
Critical
6.0.30, 6.4.15, 7.0.0
None
Mitre ID | CVE-2024-36461 |
CVSS score | 9.1 |
CVSS vector | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H |
Severity | Critical |
Summary | Direct access to memory pointers within the JS engine for modification |
Description | Within Zabbix, users could directly modify memory pointers in the JavaScript engine. |
Common Weakness Enumeration (CWE) | CWE-822 Untrusted Pointer Dereference |
Common Attack Pattern Enumeration and Classification (CAPEC) | CAPEC-253 Remote Code Inclusion |
Known attack vectors | This vulnerability allows users with access to a single item configuration (limited role) to compromise the whole infrastructure of the monitoring solution by remote code execution. |
Details | The following report is a continuation of the previous finding (2088108): https://nvd.nist.gov/vuln/detail/CVE-2023-32724. JS engine memory pointers are directly available to Zabbix users for modification. The memory pointer is located in a property of the Duktape object (https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/src/libs/zbxembed/browser_element.c#45). |
Patch provided | No |
Component/s | Server |
Affected and fixed version/s | 6.0.0 - 6.0.30 / 6.0.31rc1; 6.4.0 - 6.4.15 / 6.4.16rc1; 7.0.0alpha1 - 7.0.0 / 7.0.1rc1 |
Fix compatibility tests | - |
Resolution | Fixed |
Workarounds | - |
Acknowledgements | Zabbix extends its gratitude to Pavel Voit (pavelvoit) for submitting this report on the HackerOne bug bounty platform |
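
To triage an inventory against the "Affected and fixed version/s" row above, the following added example (not Zabbix code, and not part of the original advisory) classifies a server version string, ordering alpha/beta/rc builds before the final release of the same number. The function names and the host inventory are assumptions made for illustration; the version ranges are copied from the table.

```python
import re

# (first affected, last affected, first fixed), copied from the advisory table.
AFFECTED = [
    ("6.0.0", "6.0.30", "6.0.31rc1"),
    ("6.4.0", "6.4.15", "6.4.16rc1"),
    ("7.0.0alpha1", "7.0.0", "7.0.1rc1"),
]

# Pre-release stages sort before the final release of the same x.y.z.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")


def parse_version(text):
    """Turn '7.0.0alpha1' into a tuple that compares in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {text!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch), _STAGE[stage or ""], int(num or 0))


def check_version(text):
    """Return (status, first_fixed); status is 'affected', 'fixed' or 'not-listed'."""
    v = parse_version(text)
    for low, high, fixed in AFFECTED:
        lo, hi, fx = parse_version(low), parse_version(high), parse_version(fixed)
        if v[:2] != lo[:2]:          # different release branch
            continue
        if v >= fx:
            return ("fixed", fixed)
        if lo <= v <= hi:
            return ("affected", fixed)
    # Branches the advisory does not mention are reported as such, not as safe.
    return ("not-listed", None)


def triage(inventory):
    """Map each host to its (status, first_fixed) result."""
    return {host: check_version(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {"mon-a": "6.0.30", "mon-b": "6.4.16", "mon-c": "7.0.0beta2", "mon-d": "6.2.9"}
    for host, (status, fixed) in triage(sample).items():
        print(f"{host}: {status}" + (f" (first fixed build: {fixed})" if fixed else ""))
```

A "not-listed" result means the advisory makes no statement about that branch, not that the branch is unaffected.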