ZABBIX BUGS AND ISSUES
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7693

User type "Zabbix Admin" users can modify the media for all Zabbix users - Security hole

    Details

      Description

      Based on the UI, I would assume (and hope) that only Zabbix Super Admins could modify the media for any user. In the UI, only Zabbix Super Admins can get to the Administration tab to make user changes. Using the API, I did a test today and found that a user of type "Zabbix Admin" user can modify the media for any users in the zabbix system! For history on why I found this, see ZBXNEXT-2122.

      CVE-2014-1685

        Activity

          People

          • Assignee:
            Unassigned
            Reporter:
            Corey Shaw
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: