Описание
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
An authenticated user with API access (e.g.: user with default User ro ...
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии
EPSS
7.5 High
CVSS3