CVE-2023-29449: 
Zabbix Server vulnerability analysis and mitigation

CVE-2023-29449 is a vulnerability in Zabbix that affects JavaScript preprocessing, webhooks, and global scripts functionality. The vulnerability was disclosed on July 13, 2023, and affects multiple versions of Zabbix including versions up to 5.0.31 and versions 6.0.0 through 6.0.13. The issue is related to uncontrolled resource consumption in the system, though it's limited to users with administrative privileges (NVD).

The vulnerability allows for uncontrolled CPU, memory, and disk I/O utilization through JavaScript preprocessing, webhooks, and global scripts. It has been assigned a CVSS v3.1 base score of 4.9 (Medium) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-400 (Uncontrolled Resource Consumption) (NVD).

The vulnerability can lead to resource exhaustion affecting system availability through uncontrolled CPU, memory, and disk I/O utilization. However, the security risk is limited as the vulnerability can only be exploited by users with administrative privileges (Admin and Superadmin roles) (NVD).

Fixed versions have been released including version 5.0.44+dfsg-1+deb11u1 for Debian bullseye and version 6.0.23+dfsg-1 for unstable releases. The vulnerability has been patched in version 5.0.32 with a fix committed to the upstream release/5.0 branch (Debian Tracker).