The following key information about the vulnerability can be obtained from this web page screenshot:

1. Vulnerability ID: ZBX-25018
2. Vulnerability name: Direct access to memory pointers within the JS modification (CVE-2024-36461)
3. Vulnerability type: Defect (Security)
4. Priority: Critical
5. Affected versions:
   - 6.0.30
   - 6.4.15
   - 7.0.0
6. Component: Server (S)
7. Vulnerability description:
   - CVE-2024-36461
   - CVSS score: 9.1
   - CVSS vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N
   - Severity: Critical
   - Summary: Direct access to memory pointers within the JS engine for modification
   - Description: Within Zabbix, users could directly modify memory pointers in the JavaScript engine.
8. Vulnerability classification:
   - Common Weakness Enumeration (CWE): CWE-822 Untrusted Pointer Dereference
   - Common Attack Pattern Enumeration and Classification (CAPEC): CAPEC-253 Remote Code Inclusion
9. Known attack vectors:
   - This vulnerability allows users with access to a single item configuration (the whole infrastructure of the monitoring solution) by remote code execution.
10. Vulnerability details:
    - The following report is a continuation of the previous finding (2088108): https://nvd.nist.gov/vuln/detail/CVE-2023-32724
    - JS engine memory pointers are directly available for Zabbix users for modification located in a property of the Duktape object (https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/src/libs/zbxengine.js).
11. Patch provided: No
12. Affected and fixed versions:
    - 6.0.0 - 6.0.30 / 6.0.31rc1
    - 6.4.0 - 6.4.15 / 6.4.16rc1
    - 7.0.0alpha1 - 7.0.0 / 7.0.1rc1
13. Fix compatibility: None

This information helps in understanding the vulnerability's details, scope of impact, and fix status.