We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-22117

Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added



Description

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

Reserved 2024-01-05 | Published 2024-11-26 | Updated 2024-11-26 | Assigner Zabbix


LOW: 2.2CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

5,0,0
affected

6.0.0
affected

6.4.0
affected

7.0.0
affected

Credits

Zabbix wants to thank prasetia (prasetia) for submitting this report on the HackerOne bug bounty platform reporter

References

support.zabbix.com/browse/ZBX-25610

cve.org (CVE-2024-22117)

nvd.nist.gov (CVE-2024-22117)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-22117

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.