CVE-2024-36469: Observable Timing Discrepancy in Zabbix

Severity
2.3 LOW (NVD)
EPSS
0.1%
top 68.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 2

Description

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (3 packages)

NVD  zabbix/zabbix  5.0.0  5.0.46  +3
Debian  zabbix/zabbix  < 1:5.0.46+dfsg-1+deb11u1  +2
CVEListV5  zabbix/zabbix  5.0.0  5.0.45  +3

🔴 Vulnerability Details (3)

CVEList
User enumeration via timing attack in Zabbix web interface (2025-04-02)
GHSA
GHSA-8w6w-prh9-wr2j: Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one (2025-04-02)
OSV
CVE-2024-36469: Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one (2025-04-02)

📋 Vendor Advisories (1)

Debian
CVE-2024-36469: zabbix - Execution time for an unsuccessful login differs when using a non-existing usern... (2024)