CVE-2023-29450 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-29450 Interim 1 6 2025-02-16T02:16:20Z current 2023-07-14T23:18:13Z 2025-02-16T02:16:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-29450 JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2023-July/030646.html E-Mail link for SUSE-SU-2023:3029-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP3-LTSS-TERADATA SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 zabbix-agent-4.0.12-4.24.1 zabbix-agent-4.0.12-4.24.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS-TERADATA zabbix-agent-4.0.12-4.24.1 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA zabbix-agent-4.0.12-4.24.1 as a component of SUSE Linux Enterprise Server 12 SP5 zabbix-agent-4.0.12-4.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. CVE-2023-29450 SUSE Linux Enterprise Server 12 SP3-LTSS-TERADATA:zabbix-agent-4.0.12-4.24.1 SUSE Linux Enterprise Server 12 SP3-TERADATA:zabbix-agent-4.0.12-4.24.1 SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:zabbix-agent-4.0.12-4.24.1 important 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H