ZABBIX BUGS AND ISSUES
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7693

User type "Zabbix Admin" users can modify the media for all Zabbix users - Security hole

    Details

      Description

      Based on the UI, I would assume (and hope) that only Zabbix Super Admins could modify the media for any user. In the UI, only Zabbix Super Admins can get to the Administration tab to make user changes. Using the API, I did a test today and found that a user of type "Zabbix Admin" user can modify the media for any users in the zabbix system! For history on why I found this, see ZBXNEXT-2122.

      CVE-2014-1685

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        1d 8h 3m 1 Eduards Samersovs 2014 Jan 24 09:52
        Resolved Resolved Reopened Reopened
        1d 5h 35m 4 Pavels Jelisejevs 2014 Jan 30 16:26
        Closed Closed Reopened Reopened
        1d 5h 26m 1 richlv 2014 Feb 05 22:07
        Reopened Reopened Resolved Resolved
        6d 10h 41m 5 Pavels Jelisejevs 2014 Feb 06 14:05
        Resolved Resolved Tested Tested
        4d 7h 15m 2 Eduards Samersovs 2014 Feb 06 15:04
        Tested Tested Closed Closed
        1h 18m 2 Pavels Jelisejevs 2014 Feb 06 16:10

          People

          • Assignee:
            Unassigned
            Reporter:
            Corey Shaw
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: