CVE-2024-22114

Name

CVE-2024-22114

Description

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
	https://support.zabbix.com/browse/ZBX-25002
	https://support.zabbix.com/browse/ZBX-25015

Match rules

CPE URI	Source package	Min version	Max version
	zabbix	>= 5,0,0	<= 5.0.42
	zabbix	>= 6.0	<= 6.0.30
	zabbix	>= 6.4.0	<= 6.4.15
	zabbix	>= 7.0.0alpha1	<= 7.0.0rc2
`cpe:2.3:a:zabbix:zabbix::::::::`	zabbix	>= 5.0.0	<= 5.0.42
`cpe:2.3:a:zabbix:zabbix::::::::`	zabbix	>= 6.0.0	<= 6.0.30
`cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1::::::`	zabbix	== None	== 7.0.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
zabbix	3.20-community	6.4.15-r2	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable