User Spoofing Vulnerability in Zabbix API Affecting Multiple Versions
CVE-2014-1682

Currently unrated

Key Information:

Vendor: Zabbix
Status: Zabbix; Fedora
Vendor: CVE Published:; 8 May 2014

What is CVE-2014-1682?

The Zabbix API, present in versions prior to 1.8.20rc1, 2.0.11rc1, and 2.2.2rc1, contains a vulnerability that allows remote authenticated users to impersonate other users. This occurs through the manipulation of the username in a user.login request, potentially leading to unauthorized access and exploitation of user privileges within the Zabbix system.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.securityfocus.com/bid/65402

vdb-entryx_refsource_BID

https://support.zabbix.com/browse/ZBX-7703

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2014
Vulnerability Reserved
Jan 28, 2014