CVE-2024-22117

Name
CVE-2024-22117
Description
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://support.zabbix.com/browse/ZBX-25610

Match rules

CPE URI Source package Min version Max version
zabbix >= 5,0,0 <= 5.0.43
zabbix >= 6.0.0 <= 6.0.33
zabbix >= 6.4.0 <= 6.4.18
zabbix >= 7.0.0 <= 7.0.3
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 5.0.0 < 5.0.44
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 6.0.0 < 6.0.34
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 6.4.0 < 6.4.19
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 7.0.0 < 7.0.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zabbix edge-community 7.0.1-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix 3.22-community 7.0.1-r0 None possibly vulnerable
zabbix 3.20-community 6.4.18-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable