Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-36467

Опубликовано: 27 нояб. 2024
Источник: debian
EPSS Низкий

Описание

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zabbixfixed1:7.0.2+dfsg-1package

Примечания

  • https://support.zabbix.com/browse/ZBX-25614

  • Fixed by: https://github.com/zabbix/zabbix/commit/dabb5dd27aa979657a5bd6077716ce60951e1552 (7.0.2rc1)

  • Fixed by: https://github.com/zabbix/zabbix/commit/cf14d079941a3161dedfc85b9f5c474ed2208c0b (7.0.2rc1)

  • Fixed by: https://github.com/zabbix/zabbix/commit/f6f765a8759a5b78024083dc05a04ed1ba6ab841 (6.0.33rc1)

  • Fixed by: https://github.com/zabbix/zabbix/commit/a47ca934e25f73f0c69ec4311938262849fe327a (6.0.33rc1)

  • Fixed by: https://github.com/zabbix/zabbix/commit/c52631928bfb8e65aad552881ab088bd8a1d7f01 (5.0.43rc1)

  • Fixed by: https://github.com/zabbix/zabbix/commit/93d8e4cf751772538801b3528c223e5d2aac762a (5.0.43rc1)

EPSS

Процентиль: 21%
0.00068
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-36467

CVSS3: 7.5
ubuntu
7 месяцев назад

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.

nvd логотип

CVE-2024-36467

CVSS3: 7.5
nvd
7 месяцев назад

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.

github логотип

GHSA-xwvj-c6cj-6xgw

CVSS3: 7.5
github
7 месяцев назад

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.

fstec логотип

BDU:2024-10777

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии

redos логотип

ROS-20241216-06

CVSS3: 8.8
redos
6 месяцев назад

Множественные уязвимости zabbix-server-pgsql

EPSS

Процентиль: 21%
0.00068
Низкий