CVE-2024-36460 — Plaintext Storage of a Password in Zabbix

CWE-256 — Plaintext Storage of a Password CWE-522 — Insufficiently Protected Credentials4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 36.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedAug 12

Description

The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶debiandebian/zabbix< zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye)

▶Debianzabbix/zabbix< 1:5.0.44+dfsg-1+deb11u1+2

▶CVEListV5zabbix/zabbix5,0,0 — 5.0.42+1

▶NVDzabbix/zabbix5.0.0 — 5.0.42+3

🔴Vulnerability Details

OSV

CVE-2024-36460: The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text↗2024-08-12

▶

GHSA

GHSA-7w94-mp6m-pfq8: The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text↗2024-08-12

▶

📋Vendor Advisories

Debian

CVE-2024-36460: zabbix - The front-end audit log allows viewing of unprotected plaintext passwords, where...↗2024

▶