CVE-2024-42325

Опубликовано: 02 апр. 2025

Источник: debian

EPSS Низкий

Описание

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
zabbix	fixed	1:7.0.9+dfsg-1		package
zabbix	no-dsa		bookworm	package

Примечания

https://support.zabbix.com/browse/ZBX-26258
Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/652fd57e8d93b2890f7484771d4fdf290a459b11 (7.0.9rc1)
Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/2b6d97beac19674ad238f98f971cf83dca352386 (6.0.38rc1)
Fixed by (merge commit) https://github.com/zabbix/zabbix/commit/9edbc84251a1fb2ab75dc974c334d300d4705390 (5.0.46rc1)

EPSS

Процентиль: 32%

0.00124

Низкий

Связанные уязвимости

CVE-2024-42325

CVSS3: 3.5

ubuntu

около 1 года назад

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

CVE-2024-42325

CVSS3: 3.5

nvd

около 1 года назад

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

GHSA-pphq-xpjc-vgqx

CVSS3: 3.5

github

12 месяцев назад

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

BDU:2025-05635

CVSS3: 3.5

fstec

около 1 года назад

Уязвимость компонента API универсальной системы мониторинга Zabbix, позволяющая нарушителю раскрыть защищаемую информацию

SUSE-SU-2026:0483-1

suse-cvrf

около 2 месяцев назад

Security update for zabbix

EPSS

Процентиль: 32%

0.00124

Низкий