CVE-2024-42330 — CRITICAL (9.1)

Q: How severe is CVE-2024-42330?

CVE-2024-42330 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-42330?

Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix.

Vulnerability Description

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zabbix	Zabbix	>= 5.0.0, < 5.4.6

Related Weaknesses (CWE)

CWE-134

References

FAQ

What is CVE-2024-42330?

CVE-2024-42330 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the ...

How severe is CVE-2024-42330?

CVE-2024-42330 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-42330?

Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix.