Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15577

Restricted users can get hostnames of the hosts via host screen functionality

    XMLWordPrintable

Details

    • Team D
    • Sprint 47, Dec 2018, Sprint 48, Jan 2019
    • 0.25

    Description

      Zabbix administator can configure permissions for user groups. For example, he can restrict access to the information about group of the hosts. But it was found that restricted users (e.g. guest user) can get hostnames of the hosts via host screen functionality. It can be checked by using such URL as a restricted user: http://ZABBIX_SERVER/zabbix/host_screen.php?hostid=10084. 10084 is an id of the host, so it can be different for your system.
      In other parts of Zabbix such behaviour is blocked. Please tell me if you consider this a vulnerability.

      Attachments

        Activity

          People

            basilgon Vasily Goncharenko (Inactive)
            palivoda Rostislav Palivoda
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: