Описание
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| zabbix | fixed | 1:7.0.9+dfsg-1 | package | |
| zabbix | no-dsa | bookworm | package |
Примечания
https://support.zabbix.com/browse/ZBX-25630
Despite upstream claiming fixed in 6.0.30rc1, can reproduce with 6.0.36 (package from upstream)
Can also reproduce it in 5.0.45 and 7.0.6+dfsg-1.
zabbix/1:7.0.9+dfsg-1 only applies a stop-gap measure by removing output of
the problematic sensitive fields from export.
EPSS
Связанные уязвимости
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
Уязвимость системы мониторинга ИТ-инфраструктуры Zabbix, связанная с хранением пароля в незашифрованном виде, позволяющая нарушителю получить доступ к защищаемой информации
EPSS