zabbix-agent-4.0.39-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11934-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z zabbix-agent-4.0.39-1.1 on GA media These are all security issues fixed in the zabbix-agent-4.0.39-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11934 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-24349/ SUSE CVE CVE-2022-24349 page openSUSE Tumbleweed zabbix-agent-4.0.39-1.1 zabbix-java-gateway-4.0.39-1.1 zabbix-phpfrontend-4.0.39-1.1 zabbix-proxy-4.0.39-1.1 zabbix-proxy-mysql-4.0.39-1.1 zabbix-proxy-postgresql-4.0.39-1.1 zabbix-proxy-sqlite-4.0.39-1.1 zabbix-server-4.0.39-1.1 zabbix-server-mysql-4.0.39-1.1 zabbix-server-postgresql-4.0.39-1.1 zabbix-agent-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-java-gateway-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-phpfrontend-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-proxy-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-proxy-mysql-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-proxy-postgresql-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-proxy-sqlite-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-server-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-server-mysql-4.0.39-1.1 as a component of openSUSE Tumbleweed zabbix-server-postgresql-4.0.39-1.1 as a component of openSUSE Tumbleweed An authenticated user can create a link with reflected XSS payload for actions' pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim's computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. CVE-2022-24349 openSUSE Tumbleweed:zabbix-agent-4.0.39-1.1 openSUSE Tumbleweed:zabbix-java-gateway-4.0.39-1.1 openSUSE Tumbleweed:zabbix-phpfrontend-4.0.39-1.1 openSUSE Tumbleweed:zabbix-proxy-4.0.39-1.1 openSUSE Tumbleweed:zabbix-proxy-mysql-4.0.39-1.1 openSUSE Tumbleweed:zabbix-proxy-postgresql-4.0.39-1.1 openSUSE Tumbleweed:zabbix-proxy-sqlite-4.0.39-1.1 openSUSE Tumbleweed:zabbix-server-4.0.39-1.1 openSUSE Tumbleweed:zabbix-server-mysql-4.0.39-1.1 openSUSE Tumbleweed:zabbix-server-postgresql-4.0.39-1.1 moderate 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-24349.html CVE-2022-24349 https://bugzilla.suse.com/1196944 SUSE Bug 1196944