CVE-2024-36462: 
Zabbix Server vulnerability analysis and mitigation

Zabbix, an open-source monitoring solution, disclosed a vulnerability tracked as CVE-2024-36462 with a CVSS score of 7.5. The vulnerability affects Zabbix versions 7.0.0alpha1 through 7.0.0 and is related to uncontrolled resource consumption in the WebDriver (Browser monitoring) feature, which was first introduced in version 7.0.0rc1 (Debian Tracker, SecurityWeek).

The vulnerability is characterized as an uncontrolled resource consumption issue where an attacker can exploit the browser item script functionality to cause excessive usage of system resources such as CPU, memory, or network bandwidth without proper limitations or controls. The vulnerability has been assigned a CVSS score of 7.5, indicating a high severity level (Zabbix Support).

The exploitation of this vulnerability can result in a denial-of-service (DoS) condition, potentially causing the Zabbix server to crash and degrading the overall system performance. This vulnerability could be leveraged for DDoS attacks against affected systems (Zabbix Support).

The vulnerability has been fixed in Zabbix version 7.0.1rc1. Users are strongly advised to update their Zabbix installations to this patched version or later to address the security issue. Earlier versions such as those in Debian bullseye and bookworm are not affected as they don't include the vulnerable feature (SecurityWeek, Debian Tracker).

The vulnerability was discovered and reported through the HackerOne bug bounty platform by researcher 'justonezero', for which Zabbix has extended its gratitude (Zabbix Support).