Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15577

Restricted users can get hostnames of the hosts via host screen functionality

    XMLWordPrintable

    Details

    • Team:
      Team D
    • Sprint:
      Sprint 47, Dec 2018, Sprint 48, Jan 2019
    • Story Points:
      0.25

      Description

      Zabbix administator can configure permissions for user groups. For example, he can restrict access to the information about group of the hosts. But it was found that restricted users (e.g. guest user) can get hostnames of the hosts via host screen functionality. It can be checked by using such URL as a restricted user: http://ZABBIX_SERVER/zabbix/host_screen.php?hostid=10084. 10084 is an id of the host, so it can be different for your system.
      In other parts of Zabbix such behaviour is blocked. Please tell me if you consider this a vulnerability.

        Attachments

          Activity

            People

            Assignee:
            basilgon Vasily Goncharenko
            Reporter:
            palivoda Rostislav Palivoda
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: