CVE-2024-42325

Name

CVE-2024-42325

Description

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
security@zabbix.com	https://support.zabbix.com/browse/ZBX-26258
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html

Match rules

CPE URI	Source package	Min version	Max version
	zabbix	>= 5.0.0	<= 5.0.45
	zabbix	>= 6.0.0	<= 6.0.37
	zabbix	>= 7.0.0	<= 7.0.8
	zabbix	>= 7.2.0	<= 7.2.2
`cpe:2.3:a:zabbix:zabbix::::::::`	zabbix	>= 5.0.0	< 5.0.46
`cpe:2.3:a:zabbix:zabbix::::::::`	zabbix	>= 6.0.0	< 6.0.38
`cpe:2.3:a:zabbix:zabbix::::::::`	zabbix	>= 7.0.0	< 7.0.9
`cpe:2.3:a:zabbix:zabbix::::::::`	zabbix	>= 7.2.0	< 7.2.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
zabbix	3.22-community	7.0.1-r0	None	possibly vulnerable