An issue was discovered in zabbix.php?action=dashboard...
Moderate severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Aug 31, 2023
Description
Published by the National Vulnerability Database
Oct 9, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Aug 31, 2023
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
References