3 matches found
CVE-2025-27236 User information disclosure via api_jsonrpc.php on method user.get with param search
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
SUSE CVE-2019-15132
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of...
UBUNTU-CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...