ALT-PU-2026-4754-2

Severity:

Closed issues (2)

BDU:2026-05709

MEDIUM6.4

Уязвимость универсальной системы мониторинга Zabbix, связанная с недостатками механизма авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2026-04-22Modified: 2026-04-27

CVSS 3.xMEDIUM 6.4

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

References

CVE-2026-23925

CVE-2026-23925

MEDIUM5.1

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.

Published: 2026-03-06Modified: 2026-03-09

CVSS 4.0MEDIUM 5.1

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

https://support.zabbix.com/browse/ZBX-27567

Closed bugs (1)

Bug #57478

Package update zabbix in branch sisyphus

Closed issues (2)

Closed bugs (1)

Небезопасная зависимость от zabbix-agent-sudo