Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2022-46768[0]:
| Arbitrary file read vulnerability exists in Zabbix Web Service Report
| Generation, which listens on the port 10053. The service does not have
| proper validation for URL parameters before reading the files.

https://support.zabbix.com/browse/ZBX-22087

CVE-2022-43515[1]:
| Zabbix Frontend provides a feature that allows admins to maintain the
| installation and ensure that only certain IP addresses can access it.
| In this way, any user will not be able to access the Zabbix Frontend
| while it is being maintained and possible sensitive data will be
| prevented from being disclosed. An attacker can bypass this protection
| and access the instance using IP address not listed in the defined
| range.

https://support.zabbix.com/browse/ZBX-22050

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-46768
    https://www.cve.org/CVERecord?id=CVE-2022-46768
[1] https://security-tracker.debian.org/tracker/CVE-2022-43515
    https://www.cve.org/CVERecord?id=CVE-2022-43515

Please adjust the affected versions in the BTS as needed.