CVE-2024-36460
EUVD-2024-36104
12.08.2024, 13:38
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zabbix | zabbix | 5.0.0 ≤ 𝑥 ≤ 5.0.42 |
| zabbix | zabbix | 6.0.0 ≤ 𝑥 ≤ 6.0.30 |
| zabbix | zabbix | 6.4.0 ≤ 𝑥 ≤ 6.4.15 |
| zabbix | zabbix | 7.0.0 |
𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| zabbix | zabbix | 5.0.0 ≤ 𝑥 ≤ 5.0.42 | ADP |
| zabbix | zabbix | 6.0.0 ≤ 𝑥 ≤ 6.0.30 | ADP |
| zabbix | zabbix | 6.4.0 ≤ 𝑥 ≤ 6.4.15 | ADP |
| zabbix | zabbix | 7.0.0alpha1 ≤ 𝑥 ≤ 7.0.0rc2 | ADP |
Common Weakness Enumeration
- CWE-256 - Plaintext Storage of a Password: Storing a password in plaintext may result in a system compromise.
- CWE-522 - Insufficiently Protected Credentials: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.