CVE-2024-22114

2024-08-1213:38:15

CWE-281

Zabbix

web.nvd.nist.gov

cve-2024-22114

system information widget

global view dashboard

hosts

user permission

access control

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

Percentile

9.5%

JSON

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Server",
      "Frontend"
    ],
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "vendor": "Zabbix",
    "versions": [
      {
        "changes": [
          {
            "at": "5.0.43rc1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.0.42",
        "status": "affected",
        "version": "5,0,0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.0.31rc1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.0.30",
        "status": "affected",
        "version": "6.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.4.16rc1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.4.15",
        "status": "affected",
        "version": "6.4.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "7.0.0rc3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.0.0rc2",
        "status": "affected",
        "version": "7.0.0alpha1",
        "versionType": "git"
      }
    ]
  }
]