ZABBIX BUGS AND ISSUES / ZBX-16789

CVE-2019-17382 An attacker can bypass the login page and access the dashboard page (CVSS: 9.1 Critical)

    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 4.4.0
    • Fix Version/s: None
    • Component/s: Frontend (F)
    • Labels:
      None

      Description

      CVE-2019-17382 was described and it became public information in October.
      We need to investigate and explain this. Please assist.

      An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
      ...
      CVE-2019-17382 Detail
      https://nvd.nist.gov/vuln/detail/CVE-2019-17382

      Related info:
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17382
      https://www.exploit-db.com/exploits/47467

              People

              Assignee:
              Unassigned
              Reporter:
              JKKim Kim Jongkwon
              Votes:
              0
              Watchers:
              4