Candidate: CVE-2019-17382
PublicDate: 2019-10-09 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17382
 https://www.exploit-db.com/exploits/47467
Description:
 An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1
 in Zabbix through 4.4. An attacker can bypass the login page and access the
 dashboard page, and then create a Dashboard, Report, Screen, or Map without
 any Username/Password (i.e., anonymously). All created elements
 (Dashboard/Report/Screen/Map) are accessible by other users and by an
 admin.
Ubuntu-Description:
Notes:
 ebarretto> Disputed by upstream and closed as not a security bug.
 ebarretto> This issue can be avoided by disabling guest account.
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N [9.1 CRITICAL]


Patches_zabbix:
upstream_zabbix: needs-triage
precise/esm_zabbix: DNE
trusty_zabbix: ignored (out of standard support)
trusty/esm_zabbix: needed
xenial_zabbix: ignored (end of standard support, was needed)
bionic_zabbix: needed
disco_zabbix: ignored (reached end-of-life)
eoan_zabbix: ignored (reached end-of-life)
focal_zabbix: needed
groovy_zabbix: not-affected (1:5.0.2+dfsg-1)
hirsute_zabbix: not-affected (1:5.0.2+dfsg-1)
impish_zabbix: not-affected (1:5.0.2+dfsg-1)
jammy_zabbix: not-affected (1:5.0.2+dfsg-1)
devel_zabbix: not-affected (1:5.0.2+dfsg-1)