Описание
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
An authenticated user with API access (e.g.: user with default User ro ...
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю повысить свои привилегии
EPSS
7.5 High
CVSS3
8.8 High
CVSS3