CVE-2024-42325

Summary

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix5.0.0 <= 5.0.45affected
ZabbixZabbix6.0.0 <= 6.0.37affected
ZabbixZabbix7.0.0 <= 7.0.8affected
ZabbixZabbix7.2.0 <= 7.2.2affected

Weaknesses

  • CWE-359: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References