Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15577

Restricted users can get hostnames of the hosts via host screen functionality

    Details

    • Team:
      Team D
    • Sprint:
      Sprint 47, Dec 2018, Sprint 48, Jan 2019
    • Story Points:
      0.25

      Description

      Zabbix administator can configure permissions for user groups. For example, he can restrict access to the information about group of the hosts. But it was found that restricted users (e.g. guest user) can get hostnames of the hosts via host screen functionality. It can be checked by using such URL as a restricted user: http://ZABBIX_SERVER/zabbix/host_screen.php?hostid=10084. 10084 is an id of the host, so it can be different for your system.
      In other parts of Zabbix such behaviour is blocked. Please tell me if you consider this a vulnerability.

        Attachments

          Activity

            People

            • Assignee:
              basilgon Vasily Goncharenko
              Reporter:
              palivoda Rostislav Palivoda
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: