Candidate: CVE-2017-2826
PublicDate: 2018-04-09 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2826
 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327
Description:
 An information disclosure vulnerability exists in the iConfig proxy request
 of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause
 the Zabbix server to send the configuration information of any Zabbix
 proxy, resulting in information disclosure. An attacker can make requests
 from an active Zabbix proxy to trigger this vulnerability.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N [3.7 LOW]


Patches_zabbix:
 upstream: https://github.com/zabbix/zabbix/commit/587baa641808bf3a5d391934853c4572d1a9e9d7
 upstream: https://github.com/zabbix/zabbix/commit/044f00a956077ba7246ce0761b13b0341c937232
upstream_zabbix: released (2.0.21rc1, 2.2.18rc1, 3.0.9rc1, 3.2.5rc1, 3.4.0alpha1)
precise/esm_zabbix: DNE
trusty_zabbix: ignored (out of standard support)
trusty/esm_zabbix: needed
xenial_zabbix: ignored (end of standard support, was needed)
artful_zabbix: ignored (reached end-of-life)
bionic_zabbix: not-affected
cosmic_zabbix: not-affected
disco_zabbix: not-affected
eoan_zabbix: not-affected
focal_zabbix: not-affected
groovy_zabbix: not-affected
hirsute_zabbix: not-affected
impish_zabbix: not-affected
jammy_zabbix: not-affected
devel_zabbix: not-affected