  1. ZABBIX BUGS AND ISSUES
  2. ZBX-16789

CVE-2019-17382 An attacker can bypass the login page and access the dashboard page (CVSS: 9.1 Critical)

Details

    • Incident report
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 4.4.0
    • None
    • Frontend (F)
    • None

    Description

      CVE-2019-17382 was described and it became public information in October.
      We need to investigate and explain this. Please assist.

      An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
      ...
      CVE-2019-17382 Detail
      https://nvd.nist.gov/vuln/detail/CVE-2019-17382

      Related info:
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17382
      https://www.exploit-db.com/exploits/47467

            People

              Unassigned
              JKKim Kim Jongkwon