[ZBX-16789] CVE-2019-17382 An attacker can bypass the login page and access the dashboard page (CVSS: 9.1 Critical)
Created: 2019 Oct 17  Updated: 2019 Oct 17  Resolved: 2019 Oct 17

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 4.4.0
Fix Version/s: None

Type: Incident report
Priority: Minor
Reporter: Kim Jongkwon
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates ZBX-16765 Bypass Auth When using application/x-... Closed

 Description   

CVE-2019-17382 was described and it became public information in October.
We need to investigate and explain this. Please assist.

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
...
CVE-2019-17382 Detail
https://nvd.nist.gov/vuln/detail/CVE-2019-17382

Related info:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17382
https://www.exploit-db.com/exploits/47467



 Comments   
Comment by Valdis Murzins [ 2019 Oct 17 ]

Hello,

This is not a security issue, as explained in ZBX-16765.
With this I am closing this as DUPLICATE of ZBX-16765.
