CVE-2023-29450 HIGH

CVE-2023-29450: Unauthorized limited filesystem access from preprocessing

Vendor Zabbix
Product Zabbix
Weakness CWE-200 · Info exposure
Published July 13, 2023
Last update November 3, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.

Key dates

02Disclosure timeline

July 13, 2023 CVE published
November 3, 2025 Record updated