15 matches found
Astra Linux - vulnerability in Zabbix
The Zabbix API’s user.get method returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
SUSE CVE-2026-23921
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...
CVE-2026-23921
A flaw was found in Zabbix. A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in the API service. This vulnerability allows an attacker to execute arbitrary SQL selects and exfiltrate sensitive database data through time-based techniques. This could...
CVE-2026-23921
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...
SUSE CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
EUVD-2025-29034
Malicious code in bioql PyPI...
CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
DEBIAN-CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
CVE-2025-27236 User information disclosure via api_jsonrpc.php on method user.get with param search
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
CVE-2025-27236
CVE-2025-27236 describes an information-disclosure vulnerability in Zabbix API. A regular Zabbix user can use user.get (via api_jsonrpc.php) to search for other users within their user group and retrieve fields that the requester should not access, enabling data-mining of restricted field values....
PT-2025-40513
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: A regular user can search for other users within their user group through the Zabbix API and access fields they are not authorized to view. This enables the extraction of data from fields the...
CVE-2025-27238
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...
SUSE CVE-2024-42325
Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...
DEBIAN-CVE-2024-42325
Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...
UBUNTU-CVE-2024-42325
Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...