The vulnerability of Zabbix’s Web interface, the UI of the IT infrastructure monitoring system, allows a perpetrator to trigger a service failure or compromise the integrity of Zabbix’s Web interface resources.

The vulnerability of Zabbix’s Web interface, the monitoring system for IT infrastructure, is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability allows a malicious actor to cause service failures or compromise the integrity of Zabbix’s Web...

CVE-2024-36469 User enumeration via timing attack in Zabbix web interface

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...

CVE-2024-36469

CVE-2024-36469 affects Zabbix across multiple distributions. The issue is described as a timing discrepancy: execution time for an unsuccessful login differs between non-existent vs. existing usernames. Connected advisories confirm affected packages and vendor-supplied patches: Debian LTS DLA-413...

CVE-2024-36469 User enumeration via timing attack in Zabbix web interface

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...