First published: Thu Apr 25 2024(Updated: )
It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting (XSS) attacks. (CVE-2022-35229, CVE-2022-35230)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/zabbix-agent | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-frontend-php | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-java-gateway | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-proxy-mysql | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-proxy-pgsql | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-proxy-sqlite3 | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-server-mysql | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-server-pgsql | <1:5.0.17+dfsg-1ubuntu0.1~esm1 | 1:5.0.17+dfsg-1ubuntu0.1~esm1 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/zabbix-agent | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-frontend-php | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-java-gateway | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-proxy-mysql | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-proxy-pgsql | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-proxy-sqlite3 | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-server-mysql | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-server-pgsql | <1:4.0.17+dfsg-1ubuntu0.1~esm2 | 1:4.0.17+dfsg-1ubuntu0.1~esm2 |
Ubuntu | =20.04 | |
All of | ||
ubuntu/zabbix-agent | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-frontend-php | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-java-gateway | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-proxy-mysql | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-proxy-pgsql | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-proxy-sqlite3 | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-server-mysql | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-server-pgsql | <1:3.0.12+dfsg-1ubuntu0.1~esm4 | 1:3.0.12+dfsg-1ubuntu0.1~esm4 |
Ubuntu | =18.04 | |
All of | ||
ubuntu/zabbix-agent | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-frontend-php | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-java-gateway | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-proxy-mysql | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-proxy-pgsql | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-proxy-sqlite3 | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-server-mysql | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-server-pgsql | <1:2.4.7+dfsg-2ubuntu2.1+esm4 | 1:2.4.7+dfsg-2ubuntu2.1+esm4 |
Ubuntu | =16.04 | |
All of | ||
ubuntu/zabbix-agent | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 | |
All of | ||
ubuntu/zabbix-frontend-php | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 | |
All of | ||
ubuntu/zabbix-java-gateway | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 | |
All of | ||
ubuntu/zabbix-proxy-mysql | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 | |
All of | ||
ubuntu/zabbix-proxy-pgsql | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 | |
All of | ||
ubuntu/zabbix-proxy-sqlite3 | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 | |
All of | ||
ubuntu/zabbix-server-mysql | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 | |
All of | ||
ubuntu/zabbix-server-pgsql | <1:2.2.2+dfsg-1ubuntu1+esm5 | 1:2.2.2+dfsg-1ubuntu1+esm5 |
Ubuntu | =14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of USN-6751-1 is categorized as medium due to its potential for reflected cross-site scripting (XSS) attacks.
To fix USN-6751-1, update your Zabbix packages to versions 1:5.0.17+dfsg-1ubuntu0.1~esm1 or later for Ubuntu 22.04.
The affected packages in USN-6751-1 include zabbix-agent, zabbix-frontend-php, zabbix-java-gateway, zabbix-proxy-mysql, zabbix-proxy-pgsql, zabbix-proxy-sqlite3, zabbix-server-mysql, and zabbix-server-pgsql.
Users of Ubuntu 22.04 running the specified Zabbix packages are affected by USN-6751-1.
Cross-site scripting (XSS) in USN-6751-1 refers to a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.