Security vulnerabilities in zabbix-web & zabbix-web-service 7.0.22

    • Type: Defect (Security)
    • Resolution: Unresolved
    • Priority: Trivial
    • Affects Version/s: 7.0.22
    • Component/s: Frontend (F)

        1. rpm2cpio zabbix-web-7.0.22-release1.el9.noarch.rpm | cpio -idmv --directory=./zabbix-web-7.0.22/*

      grype --by-cve --only-fixed zabbix-web-7.0.22/
      ✔ Indexed file system                                                                                                                                                                                               zabbix-web-7.0.22 
      ✔ Cataloged contents                                                                                                                                                                             e8d4b5b9649b1169d553b058293cfc43de33a140dc0fc0fdf2762fbf7d455e09 
         ├── ✔ Packages                        [11 packages]  
         ├── ✔ File digests                    [2 files]  
         ├── ✔ File metadata                   [2 locations]  
         └── ✔ Executables                     [0 executables]  
      ✔ Scanned for vulnerabilities     [2 vulnerability matches]  
         ├── by severity: 1 critical, 0 high, 1 medium, 0 low, 0 negligible
         └── by status:   2 fixed, 0 not-fixed, 0 ignored [0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
      NAME                    INSTALLED  FIXED IN  TYPE          VULNERABILITY        SEVERITY  EPSS         RISK   
      robrichards/xmlseclibs  3.1.1      3.1.4     php-composer  CVE-2025-66578       Medium    0.1% (29th)  < 0.1  
      onelogin/php-saml       4.0.0      4.3.1     php-composer  GHSA-5j8p-438x-rgg5  Critical  N/A          N/A

        1. rpm2cpio zabbix-web-service-7.0.22-release1.el9.x86_64.rpm | cpio -idmv --directory=./zabbix-web-service-7.0.22/*

      grype --by-cve --only-fixed zabbix-web-service-7.0.22
       ✔ Vulnerability DB                [updated]
       ✔ Indexed file system                                                                                                                                                               zabbix-web-service-7.0.22
       ✔ Cataloged contents                                                                                                                         9df35aa5bb369d312023f007b62ff45769f4b56c4ebf783de368386ac623ba95
         ├── ✔ Packages                        [11 packages]
         ├── ✔ Executables                     [1 executables]
         ├── ✔ File digests                    [1 files]
         └── ✔ File metadata                   [1 locations]
       ✔ Scanned for vulnerabilities     [2 vulnerability matches]
         ├── by severity: 0 critical, 1 high, 1 medium, 0 low, 0 negligible
         └── by status:   2 fixed, 0 not-fixed, 0 ignored [0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
      NAME    INSTALLED  FIXED IN         TYPE       VULNERABILITY   SEVERITY  EPSS          RISK
      stdlib  go1.24.10  1.24.11, 1.25.5  go-module  CVE-2025-61729  High      < 0.1% (2nd)  < 0.1
      stdlib  go1.24.10  1.24.11, 1.25.5  go-module  CVE-2025-61727  Medium    < 0.1% (0th)  < 0.1

       

      Is there a date for the fix? Thanks

            Assignee:
            Janis Nulle
            Reporter:
            Diogo Azevedo
            Votes:
            0
            Watchers:
            3
