Description
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver, leading to potential confidentiality loss.
A flaw was found in Zabbix. This vulnerability allows an authenticated Zabbix Super Admin to read arbitrary files from the webserver by exploiting the oauth.authorize action, leading to potential confidentiality loss.
Report
This vulnerability is rated Moderate for Red Hat as an authenticated Zabbix Super Admin can read arbitrary files from the webserver. This flaw requires high privileges, specifically a Super Admin account, to exploit the oauth.authorize action, leading to potential confidentiality loss within Zabbix deployments in Community Projects.
Additional information
Status:
EPSS
CVSS3: 6.8 Medium
Related vulnerabilities
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
An authenticated Zabbix Super Admin can exploit the oauth.authorize ac ...
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
A vulnerability in the Zabbix IT infrastructure monitoring system, associated with insufficient validation of server-side requests, that allows an attacker to gain read access to data