ZABBIX BUGS AND ISSUES / ZBX-16789

CVE-2019-17382 An attacker can bypass the login page and access the dashboard page (CVSS: 9.1 Critical)


    • Incident report
    • Resolution: Duplicate
    • Minor
    • None
    • 4.4.0
    • Frontend (F)
    • None

      CVE-2019-17382 was described and it became public information in October.
      We need to investigate and explain this. Please assist.

      An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
      ...
      CVE-2019-17382 Detail
      https://nvd.nist.gov/vuln/detail/CVE-2019-17382

      Related info:
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17382
      https://www.exploit-db.com/exploits/47467

            Unassigned
            JKKim Kim Jongkwon