Описание
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Ссылки
- Mailing ListThird Party Advisory
- Release Notes
- Release Notes
- Issue TrackingPatchVendor Advisory
- Mailing ListThird Party Advisory
- Release Notes
- Release Notes
- Issue TrackingPatchVendor Advisory
- US Government Resource
Уязвимые конфигурации
Одно из
Одно из
EPSS
3.7 Low
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
After the initial setup process, some steps of setup.php file are reac ...
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Уязвимость конфигурации setup.php универсальной системы мониторинга Zabbix , связанная с ошибками авторизации, позволяющая нарушителю изменить параметры конфигурации
EPSS
3.7 Low
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2