CVE-2024-36467

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36467
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36467.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36467
Downstream
Published
2024-11-27T07:15:09Z
Modified
2025-10-21T21:11:21.708309Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
5203d2ea7d901cd33d148f20586e2155901a7faa
Fixed
e05e6ba9dca6bac63179965db2d95b9e32a11b1b

Affected versions

6.*

6.0.0
6.0.1
6.0.10
6.0.10rc1
6.0.10rc2
6.0.11
6.0.11rc1
6.0.11rc2
6.0.12
6.0.12rc1
6.0.12rc2
6.0.13
6.0.13rc1
6.0.14
6.0.14rc1
6.0.14rc2
6.0.15
6.0.15rc1
6.0.15rc2
6.0.16
6.0.16rc1
6.0.17
6.0.17rc1
6.0.17rc2
6.0.18
6.0.18rc1
6.0.19
6.0.19rc1
6.0.1rc1
6.0.1rc2
6.0.1rc3
6.0.1rc4
6.0.2
6.0.20
6.0.20rc1
6.0.21
6.0.21rc1
6.0.22
6.0.22rc1
6.0.23
6.0.23rc1
6.0.25
6.0.25rc1
6.0.26
6.0.26rc1
6.0.27
6.0.27rc1
6.0.28
6.0.28rc1
6.0.29
6.0.29rc1
6.0.2rc1
6.0.3
6.0.30
6.0.30rc1
6.0.31
6.0.31rc1
6.0.32
6.0.32rc1
6.0.33rc1
6.0.3rc1
6.0.4
6.0.4rc1
6.0.5
6.0.5rc1
6.0.6
6.0.6rc1
6.0.7
6.0.7rc1
6.0.8
6.0.8rc1
6.0.8rc2
6.0.9
6.0.9rc1
6.0.9rc2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/zabbix/zabbix/commit/e05e6ba9dca6bac63179965db2d95b9e32a11b1b",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-36467-42185414",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "42377719247154798294649350857211914722",
                "277301446743689282564066719793421861949",
                "84053493762398819857165875037492472417",
                "134573353912766890848741256532153642229",
                "177130751556011487463321449951885775840",
                "255221815652418511241443785427600625788"
            ]
        }
    }
]