Debian 9899 Published by

A zabbix security update has been released for Debian GNU/Linux 8 Extended LTS to address several security vulnerabilities.



ELA-595-1 zabbix security update

Package : zabbix
Version : 1:2.2.23+dfsg-0+deb8u4

Related CVEs :
CVE-2022-24349
CVE-2022-24917
CVE-2022-24919

Several security vulnerabilities have been discovered in zabbix, a network
monitoring solution. An authenticated user can create a link with reflected
Javascript code inside it for graphs and actions pages and send it to other
users. The payload can be executed only with a known CSRF token value of the
victim, which is changed periodically and is difficult to predict.

ELA-595-1 zabbix security update