CVE-2024-36466

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36466
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36466.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36466
Downstream
Published
2024-11-28T08:15:05Z
Modified
2025-10-17T03:17:51.454296Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
5203d2ea7d901cd33d148f20586e2155901a7faa
Fixed
e0ebc610bbe07feec683b36b33b0c7c54d4dfa51

Affected versions

6.*

6.0.0
6.0.1
6.0.10
6.0.10rc1
6.0.10rc2
6.0.11
6.0.11rc1
6.0.11rc2
6.0.12
6.0.12rc1
6.0.12rc2
6.0.13
6.0.13rc1
6.0.14
6.0.14rc1
6.0.14rc2
6.0.15
6.0.15rc1
6.0.15rc2
6.0.16
6.0.16rc1
6.0.17
6.0.17rc1
6.0.17rc2
6.0.18
6.0.18rc1
6.0.19
6.0.19rc1
6.0.1rc1
6.0.1rc2
6.0.1rc3
6.0.1rc4
6.0.2
6.0.20
6.0.20rc1
6.0.21
6.0.21rc1
6.0.22
6.0.22rc1
6.0.23
6.0.23rc1
6.0.25
6.0.25rc1
6.0.26
6.0.26rc1
6.0.27
6.0.27rc1
6.0.28
6.0.28rc1
6.0.29
6.0.29rc1
6.0.2rc1
6.0.3
6.0.30
6.0.30rc1
6.0.31
6.0.31rc1
6.0.32rc1
6.0.3rc1
6.0.4
6.0.4rc1
6.0.5
6.0.5rc1
6.0.6
6.0.6rc1
6.0.7
6.0.7rc1
6.0.8
6.0.8rc1
6.0.8rc2
6.0.9
6.0.9rc1
6.0.9rc2

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "source": "https://github.com/zabbix/zabbix/commit/e0ebc610bbe07feec683b36b33b0c7c54d4dfa51",
        "digest": {
            "line_hashes": [
                "268532432675997961382533109683550991275",
                "77468328968705158713064176216215297941",
                "242617437909076284338012963993674069245",
                "53988357087650554977707365843443920215",
                "128232534528403919384584568266563623737",
                "8192478687897789813459981120771879298"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2024-36466-304bfe13",
        "signature_type": "Line"
    }
]