CVE-2023-29449 MEDIUM

CVE-2023-29449: Limited control of resource utilization in JS preprocessing

Vendor Zabbix
Product Zabbix
Weakness CWE-400
Published July 13, 2023
Last update November 3, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.

Key dates

02Disclosure timeline

July 13, 2023 CVE published
November 3, 2025 Record updated