CVE-2024-22117

Summary

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix5,0,0 <= 5.0.43affected
ZabbixZabbix6.0.0 <= 6.0.33affected
ZabbixZabbix6.4.0 <= 6.4.18affected
ZabbixZabbix7.0.0 <= 7.0.3affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References