CVE-2024-22117: Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added

2.2 CVSS

Description

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.

Classification

CVE ID: CVE-2024-22117

CVSS Base Severity: LOW

CVSS Base Score: 2.2

Affected Products

Vendor: Zabbix

Product: Zabbix

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.zabbix.com/browse/ZBX-25610

Timeline

2024-11-27 14:52:06 UTC
CVE

Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added