{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-29450","assignerOrgId":"72de3e22-0555-4a0d-ae81-9249e0f0a1e8","state":"PUBLISHED","assignerShortName":"Zabbix","dateReserved":"2023-04-06T18:04:44.891Z","datePublished":"2023-07-13T08:25:27.911Z","dateUpdated":"2025-11-03T21:47:47.831Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Server","Proxy"],"product":"Zabbix","repo":"https://git.zabbix.com/","vendor":"Zabbix","versions":[{"changes":[{"at":"5.0.32rc1","status":"unaffected"}],"lessThanOrEqual":"5.0.31","status":"affected","version":"5.0","versionType":"git"},{"changes":[{"at":"6.0.14rc1 (6.0.16 is recommended)","status":"unaffected"}],"lessThanOrEqual":"6.0.13","status":"affected","version":"6.0","versionType":"git"},{"changes":[{"at":"6.2.8rc1","status":"unaffected"}],"lessThanOrEqual":"6.2.7","status":"affected","version":"6.2","versionType":"git"},{"changes":[{"at":"6.4.0rc2","status":"unaffected"}],"lessThanOrEqual":"6.4.0rc1","status":"affected","version":"6.4","versionType":"git"}]}],"datePublic":"2023-02-23T08:03:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data."}],"value":"JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data."}],"impacts":[{"capecId":"CAPEC-410","descriptions":[{"lang":"en","value":"CAPEC-410 Information Elicitation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-552","description":"CWE-552 Files or Directories Accessible to External Parties","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"72de3e22-0555-4a0d-ae81-9249e0f0a1e8","shortName":"Zabbix","dateUpdated":"2023-08-22T15:06:27.489Z"},"references":[{"url":"https://support.zabbix.com/browse/ZBX-22588"},{"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html"}],"source":{"discovery":"UNKNOWN"},"title":"Unauthorized limited filesystem access from preprocessing","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://support.zabbix.com/browse/ZBX-22588","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:47:47.831Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-06T14:20:54.709979Z","id":"CVE-2023-29450","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-06T14:21:04.075Z"}}]}}