8 matches found
EUVD-2024-36350
Malicious code in bioql PyPI...
A vulnerability in the SSO authentication mechanism of the Zabbix universal monitoring system allows attackers to circumvent existing security restrictions and escalate their privileges.
The vulnerability in the Single Sign-On (SSO) authentication mechanism of the Zabbix universal monitoring system relates to the ability to bypass authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and escalate their...
SUSE CVE-2024-36466
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions...
CVE-2024-36466
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions...
CVE-2024-36466
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions...
CVE-2024-36466
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions...
CVE-2024-36466 Unauthenticated Zabbix frontend takeover when SSO is being used
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions...
CVE-2024-36466
CVE-2024-36466 describes a flaw in Zabbix where an attacker can forge the zbx_session cookie, enabling sign‑in with admin permissions via the frontend authentication mechanism. The description and multiple third‑party advisories (e.g., Zabbix references, Tencent/Tenable Nessus plugins, and NCSC a...