CVE-2024-36466

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36466

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36466.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36466

Downstream

DEBIAN-CVE-2024-36466

UBUNTU-CVE-2024-36466

Published

2024-11-28T08:15:05.290Z

Modified

2026-04-12T07:38:38.247290Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.

References

https://support.zabbix.com/browse/ZBX-25635

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type

GIT

Repo

https://github.com/zabbix/zabbix

Events

Introduced

5203d2ea7d901cd33d148f20586e2155901a7faa

Fixed

e0ebc610bbe07feec683b36b33b0c7c54d4dfa51

Introduced

Last affected

49955f1fb5c9168a8a24b053f7ade6b3d903143c

Database specific

{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.32"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-NA"
        }
    ]
}

Affected versions

6.*

6.0.0

6.0.1

6.0.10

6.0.10rc1

6.0.10rc2

6.0.11

6.0.11rc1

6.0.11rc2

6.0.12

6.0.12rc1

6.0.12rc2

6.0.13

6.0.13rc1

6.0.14

6.0.14rc1

6.0.14rc2

6.0.15

6.0.15rc1

6.0.15rc2

6.0.16

6.0.16rc1

6.0.17

6.0.17rc1

6.0.17rc2

6.0.18

6.0.18rc1

6.0.19

6.0.19rc1

6.0.1rc1

6.0.1rc2

6.0.1rc3

6.0.1rc4

6.0.2

6.0.20

6.0.20rc1

6.0.21

6.0.21rc1

6.0.22

6.0.22rc1

6.0.23

6.0.23rc1

6.0.25

6.0.25rc1

6.0.26

6.0.26rc1

6.0.27

6.0.27rc1

6.0.28

6.0.28rc1

6.0.29

6.0.29rc1

6.0.2rc1

6.0.3

6.0.30

6.0.30rc1

6.0.31

6.0.31rc1

6.0.32rc1

6.0.3rc1

6.0.4

6.0.4rc1

6.0.5

6.0.5rc1

6.0.6

6.0.6rc1

6.0.7

6.0.7rc1

6.0.8

6.0.8rc1

6.0.8rc2

6.0.9

6.0.9rc1

6.0.9rc2

7.*

7.0.0

7.0.0alpha1

7.0.0alpha2

7.0.0alpha3

7.0.0alpha4

7.0.0alpha6

7.0.0alpha7

7.0.0alpha8

7.0.0alpha9

7.0.0beta1

7.0.0beta2

7.0.0beta3

7.0.0rc1

7.0.0rc2

7.0.0rc3

Database specific

vanir_signatures_modified

"2026-04-12T07:38:38Z"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "6.4.0"
            },
            {
                "fixed": "6.4.17"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36466.json"

vanir_signatures

[
    {
        "signature_type": "Line",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2024-36466-304bfe13",
        "source": "https://github.com/zabbix/zabbix/commit/e0ebc610bbe07feec683b36b33b0c7c54d4dfa51",
        "digest": {
            "line_hashes": [
                "268532432675997961382533109683550991275",
                "77468328968705158713064176216215297941",
                "242617437909076284338012963993674069245",
                "53988357087650554977707365843443920215",
                "128232534528403919384584568266563623737",
                "8192478687897789813459981120771879298"
            ],
            "threshold": 0.9
        }
    }
]