Vulnerability Description
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should typically be granted only to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | <= 5.0.31 |
Related Weaknesses (CWE)
References
- https://support.zabbix.com/browse/ZBX-22589 (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html
FAQ
What is CVE-2023-29449?
CVE-2023-29449 is a vulnerability with a CVSS score of 5.9 (MEDIUM). JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to ...
How severe is CVE-2023-29449?
CVE-2023-29449 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-29449?
Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix.