CVE-2024-42325

Опубликовано: 02 апр. 2025

Источник: debian

Описание

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
zabbix	fixed	1:7.0.9+dfsg-1		package

Примечания

https://support.zabbix.com/browse/ZBX-26258
Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/652fd57e8d93b2890f7484771d4fdf290a459b11 (7.0.9rc1)
Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/2b6d97beac19674ad238f98f971cf83dca352386 (6.0.38rc1)
Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/9edbc84251a1fb2ab75dc974c334d300d4705390 (5.0.46rc1)

Связанные уязвимости

CVE-2024-42325

ubuntu

5 месяцев назад

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

CVE-2024-42325

nvd

5 месяцев назад

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

GHSA-pphq-xpjc-vgqx

github

5 месяцев назад

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

BDU:2025-05635

CVSS3: 3.5

fstec

5 месяцев назад

Уязвимость компонента API универсальной системы мониторинга Zabbix, позволяющая нарушителю раскрыть защищаемую информацию

ROS-20250616-26

CVSS3: 7.5

redos

3 месяца назад

Множественные уязвимости zabbix7-lts-server-pgsql