8.1

CVE-2024-36460

Front-end audit log shows passwords in plaintext

The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZabbixZabbix Version >= 5.0.0 <= 5.0.42
ZabbixZabbix Version >= 6.0.0 <= 6.0.30
ZabbixZabbix Version >= 6.4.0 <= 6.4.15
ZabbixZabbix Version7.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.61% 0.445
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
security@zabbix.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-256 Plaintext Storage of a Password

The product stores a password in plaintext within resources such as memory or files.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://support.zabbix.com/browse/ZBX-25017
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html