CVE-2024-42330

JS - Internal strings in HTTP headers

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.

El objeto HttpRequest permite obtener los encabezados HTTP de la respuesta del servidor después de enviar la solicitud. El problema es que las cadenas devueltas se crean directamente a partir de los datos devueltos por el servidor y no están codificadas correctamente para JavaScript. Esto permite crear cadenas internas que se pueden usar para acceder a propiedades ocultas de los objetos.

*Credits: Zabbix wants to thank zhutyra for submitting this report on the HackerOne bug bounty platform.

CVSS Scores

Zabbixv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-11-27 CVE Published
2024-11-27 CVE Updated
2024-11-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-134: Use of Externally-Controlled Format String

CAPEC

CAPEC-100: Overflow Buffers
CAPEC-253: Remote Code Inclusion

References (1)

URL	Tag	Source
https://support.zabbix.com/browse/ZBX-25626

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zabbix Search vendor "Zabbix"		Zabbix Search vendor "Zabbix" for product "Zabbix"				>= 6.0.0 <= 6.0.33 Search vendor "Zabbix" for product "Zabbix" and version " >= 6.0.0 <= 6.0.33"		en		Affected
Zabbix Search vendor "Zabbix"		Zabbix Search vendor "Zabbix" for product "Zabbix"				>= 6.4.0 <= 6.4.18 Search vendor "Zabbix" for product "Zabbix" and version " >= 6.4.0 <= 6.4.18"		en		Affected
Zabbix Search vendor "Zabbix"		Zabbix Search vendor "Zabbix" for product "Zabbix"				>= 7.0.0 <= 7.0.3 Search vendor "Zabbix" for product "Zabbix" and version " >= 7.0.0 <= 7.0.3"		en		Affected