Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2022-35229

Published: 6 July 2022

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

Priority

Medium

Cvss 3 Severity Score

5.4

Score breakdown

Status

Package Release Status
zabbix
Launchpad, Ubuntu, Debian 		bionic Needed

focal Needed

impish Ignored
(end of life)
jammy Needed

kinetic Ignored
(end of life, was needs-triage)
lunar Ignored
(end of life, was needs-triage)
mantic Not vulnerable
(6.0.5rc1)
trusty Needed

upstream
Released (4.0.43rc1, 5.0.25rc1, 6.0.5rc1, 6.2.0rc1)
xenial Needed

Patches:
upstream: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/b546c3f10ce98b0c914e5fc4114bd43042880c3c
upstream: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/c973e97e9ae5857227712bce30f25f69888615ef
upstream: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/905f394a6e98c517e69ead63aa955c0dafe08861

Severity score breakdown

Parameter Value
Base score 5.4
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Scope Changed
Confidentiality Low
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading