CVE-2011-3264 — Sensitive Information Exposure in Zabbix

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 36.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedAug 19

Latest updateMay 17

Description

Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:1.8.6-1 (bookworm)

▶Debianzabbix/zabbix< 1:1.8.6-1+3

▶NVDzabbix/zabbix1.8.5+48

Patches

Patch: www.zabbix.com ↗Patch: www.zabbix.com ↗

🔴Vulnerability Details

GHSA

GHSA-7734-ppwx-cfgh: Zabbix before 1↗2022-05-17

▶

OSV

CVE-2011-3264: Zabbix before 1↗2011-08-19

▶

📋Vendor Advisories

Debian

CVE-2011-3264: zabbix - Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via ...↗2011

▶

💬Community

Bugzilla

CVE-2011-2904 CVE-2011-3263 CVE-2011-3264 zabbix: multiple flaws in zabbix < 1.8.6↗2011-08-08

▶