Vulnerabilities > CVE-2023-29450 - Files or Directories Accessible to External Parties vulnerability in Zabbix

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
zabbix
CWE-552
NVD
Published: 2023-07-13
Updated: 2023-08-22

Summary

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.

Vulnerable Configurations

Part Description Count
Application
Zabbix
784

Common Weakness Enumeration (CWE)

References