CVE-2019-17382

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.

Published : 2019-10-09 14:15 Updated : 2019-10-16 15:00

6.4
CVSS Score More info
Score 6.4 / 10
6.4
Vendor Product Version URI
Zabbix Zabbix 4.4 cpe:/a:zabbix:zabbix:4.4
  1. Zabbix (1) Search CVE
    1. Zabbix (1) Search CVE
      1. 4.4

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

Reference

History of changes

Date Event
2019-10-16 15:00
2019-10-09 14:15

New CVE