Vulnerability Description
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | <= 4.4 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
- https://www.exploit-db.com/exploits/47467ExploitThird Party AdvisoryVDB Entry
- https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html
- https://www.exploit-db.com/exploits/47467ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2019-17382?
CVE-2019-17382 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Repor...
How severe is CVE-2019-17382?
CVE-2019-17382 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-17382?
Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix.