Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-25018

Direct access to memory pointers within the JS engine for modification (CVE-2024-36461)

XMLWordPrintable

      Mitre ID CVE-2024-36461
      CVSS score 9.1
      CVSS vector https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
      Severity Critical
      Summary Direct access to memory pointers within the JS engine for modification
      Description Within Zabbix, users could directly modify memory pointers in the JavaScript engine.
      Common Weakness Enumeration (CWE) CWE-822 Untrusted Pointer Dereference
      Common Attack Pattern Enumeration and Classification (CAPEC) CAPEC-253 Remote Code Inclusion
      Known attack vectors This vulnerability allows users with access to a single item configuration (limited role) to compromise the whole infrastructure of the monitoring solution by remote code execution.
      Details The following report is a continuation of the previous finding (2088108): https://nvd.nist.gov/vuln/detail/CVE-2023-32724
      JS engine memory pointers are directly available for Zabbix users for modification. Memory pointer is located in a property of the ducktape object (https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/src/libs/zbxembed/browser_element.c#45). 
      Patch provided  No
      Component/s Server
      Affected and fixed version/s 6.0.0 - 6.0.30 / 6.0.31rc1
      6.4.0 - 6.4.15 / 6.4.16rc1
      7.0.0alpha1 - 7.0.0 / 7.0.1rc1
      Fix compatibility tests -
      Resolution Fixed
      Workarounds -
      Acknowledgements Zabbix extends its gratitude to Pavel Voit (pavelvoit) for submitting this report on the HackerOne bug bounty platform

            zabbix.support Zabbix Support Team
            mmelnikovs Maris Melnikovs (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: