{"id":"CVE-2023-29450","details":"JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user \"zabbix\") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.","modified":"2026-03-14T14:56:35.462693Z","published":"2023-07-13T09:15:09.660Z","related":["SUSE-SU-2023:3029-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"},{"type":"ADVISORY","url":"https://support.zabbix.com/browse/ZBX-22588"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zabbix/zabbix","events":[{"introduced":"5203d2ea7d901cd33d148f20586e2155901a7faa"},{"last_affected":"287da69c170e558394a71648411fec6b80ff91ab"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"last_affected":"6.0.15"}]}}],"versions":["6.0.0","6.0.1","6.0.10","6.0.10rc1","6.0.10rc2","6.0.11","6.0.11rc1","6.0.11rc2","6.0.12","6.0.12rc1","6.0.12rc2","6.0.13","6.0.13rc1","6.0.14","6.0.14rc1","6.0.14rc2","6.0.15","6.0.15rc1","6.0.15rc2","6.0.1rc1","6.0.1rc2","6.0.1rc3","6.0.1rc4","6.0.2","6.0.2rc1","6.0.3","6.0.3rc1","6.0.4","6.0.4rc1","6.0.5","6.0.5rc1","6.0.6","6.0.6rc1","6.0.7","6.0.7rc1","6.0.8","6.0.8rc1","6.0.8rc2","6.0.9","6.0.9rc1","6.0.9rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29450.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.0.33"}]},{"events":[{"introduced":"6.4.0"},{"last_affected":"6.4.1"}]},{"events":[{"introduced":"6.4.3"},{"last_affected":"6.4.4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}