CVE-2024-22116

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22116
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22116.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-22116
Related
Published
2024-08-12T13:38:15Z
Modified
2024-10-03T19:49:53.442523Z
Summary
[none]
Details

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.

References

Affected packages

Debian:11 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:5.0.44+dfsg-1+deb11u1

Affected versions

1:5.*

1:5.0.8+dfsg-1
1:5.0.14+dfsg-1~bpo11+1
1:5.0.14+dfsg-1
1:5.0.17+dfsg-1~bpo11+1
1:5.0.17+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*

1:6.0.14+dfsg-1
1:6.0.23+dfsg-1~bpo12+1
1:6.0.23+dfsg-1
1:6.0.24+dfsg-1
1:6.0.25+dfsg-1
1:6.0.29+dfsg-1

1:7.*

1:7.0.0+dfsg-1
1:7.0.0+dfsg-2~bpo12+1
1:7.0.0+dfsg-2
1:7.0.1+dfsg-1~bpo12+1
1:7.0.1+dfsg-1
1:7.0.2+dfsg-1~bpo12+1
1:7.0.2+dfsg-1
1:7.0.3+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:7.0.0+dfsg-1

Affected versions

1:6.*

1:6.0.14+dfsg-1
1:6.0.23+dfsg-1~bpo12+1
1:6.0.23+dfsg-1
1:6.0.24+dfsg-1
1:6.0.25+dfsg-1
1:6.0.29+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}