Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7693

User type "Zabbix Admin" users can modify the media for all Zabbix users - Security hole

    XMLWordPrintable

Details

    Description

      Based on the UI, I would assume (and hope) that only Zabbix Super Admins could modify the media for any user. In the UI, only Zabbix Super Admins can get to the Administration tab to make user changes. Using the API, I did a test today and found that a user of type "Zabbix Admin" user can modify the media for any users in the zabbix system! For history on why I found this, see ZBXNEXT-2122.

      CVE-2014-1685

      Attachments

        Activity

          People

            Unassigned Unassigned
            heaje Corey Shaw
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: