An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/47467 | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2019-10-09 07:15
Updated : 2020-08-24 10:37
NVD link : CVE-2019-17382
Mitre link : CVE-2019-17382
JSON object : View
CWE
CWE-639
Authorization Bypass Through User-Controlled Key
Products Affected
zabbix
- zabbix