Loading...

XML

Word

Printable

Type: Defect (Security)
Resolution: Fixed
Priority: Major
Fix Version/s: 1.8.20rc1, 2.0.11rc1, 2.2.2rc1, 2.3.0
Affects Version/s: 1.8.19, 2.0.10, 2.2.1, 2.3.0
Component/s: API (A)
Labels:
- authentication
- security
Environment:
Apache + mod_php + mod_auth_kerb

When Zabbix is configured with HTTP authentication, the API uses permissions of the user passed to the user.login call. Therefore, as long as you can authenticate to the Zabbix server, you could impersonate any user via the API by passing another username to the user.login request.

CVE-2014-1682

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

ZBX-7703-1.8.2.patch
0.9 kB
2014 Feb 10 12:11
ZBX-7703-2.2.1.patch
1 kB
2014 Feb 07 13:39

Assignee:: Unassigned

Reporter:: Vitaly Shupak

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2014 Jan 25 03:08

Updated:: 2020 Jul 16 14:10

Resolved:: 2014 Feb 13 17:03

Details

Description

Attachments

Attachments

Activity

People

Dates