CVE-2017-2826: Sensitive Information Exposure in Zabbix

Severity: 3.7 LOW (NVD)
EPSS: 0.3% (top 50.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 9; Latest update May 14

Description

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (4 packages)

debian | debian/zabbix | < zabbix 1:4.0.0+dfsg-1 (bookworm)
Debian | zabbix/zabbix | < 1:4.0.0+dfsg-1+3
CVEListV5 | talos/zabbix | Zabbix Server 2.4.8.r1
NVD | zabbix/zabbix | 10 versions +9

Also affects: Debian Linux 8.0

Vulnerability Details (2)

GHSA: GHSA-gxx4-vhw8-8h73: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2 (2022-05-14)
OSV: CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2 (2018-04-09)

Vendor Advisories (1)

Debian: CVE-2017-2826: zabbix - An information disclosure vulnerability exists in the iConfig proxy request of Z... (2017)

Community (4)

Bugzilla: CVE-2017-2826 zabbix: Information Disclosure in Zabbix Server Config Proxy Request (2018-04-16)
Bugzilla: CVE-2017-2826 zabbix: Information Disclosure in Zabbix Server Config Proxy Request [epel-6] (2018-04-16)
Bugzilla: CVE-2017-2826 zabbix20: zabbix: Information Disclosure in Zabbix Server Config Proxy Request [epel-all] (2018-04-16)
Bugzilla: CVE-2017-2826 zabbix22: zabbix: Information Disclosure in Zabbix Server Config Proxy Request [epel-all] (2018-04-16)