CVE-2024-36464

NameCVE-2024-36464
DescriptionWhen exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1088689

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zabbix (PTS)bullseye1:5.0.8+dfsg-1vulnerable
bullseye (security)1:5.0.44+dfsg-1+deb11u1vulnerable
bookworm1:6.0.14+dfsg-1vulnerable
sid, trixie1:7.0.6+dfsg-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zabbixsource(unstable)(unfixed)1088689

Notes

https://support.zabbix.com/browse/ZBX-25630

Search for package or bug name: Reporting problems