Cybersecurity Warning: Unprotected Plaintext Passwords Exposed
CVE-2024-36460

8.1HIGH

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-36460?

A security vulnerability exists in the front-end audit log of Zabbix that allows unauthorized users to view unprotected plaintext passwords. This weakness poses a significant risk, as sensitive credentials can be exposed, compromising the confidentiality of user accounts. The affected versions of the Zabbix monitoring software are particularly vulnerable, making it imperative for users to take proactive measures to secure their environments and safeguard against potential unauthorized access.

Affected Version(s)

Zabbix 5,0,0 <= 5.0.42

Zabbix 6.0.0 <= 6.0.30

Zabbix 6.4.0 <= 6.4.15

References

https://support.zabbix.com/browse/ZBX-25017

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
May 28, 2024