ELA-595-1 zabbix security update

reflected XSS

2022-04-11
Package: zabbix
Version: 1:2.2.23+dfsg-0+deb8u4
Related CVEs: CVE-2022-24349 CVE-2022-24917 CVE-2022-24919


Several security vulnerabilities have been discovered in zabbix, a network monitoring solution. An authenticated user can create a link containing reflected JavaScript code for the graphs and actions pages and send it to other users. The payload can be executed only if the victim's CSRF token value is known; this token is changed periodically and is difficult to predict.



For Debian 8 jessie, these problems have been fixed in version 1:2.2.23+dfsg-0+deb8u4.

We recommend that you upgrade your zabbix packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.