CVE-2024-36464
zabbix - security update
2.7
LOW
CVSS 3.1
EPSS 0.07%
Description
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
How to fix CVE-2024-36464
To remediate CVE-2024-36464, upgrade the affected package to a fixed version below.
- —upgrade to 1:5.0.45+dfsg-1+deb11u1 or later
- —upgrade to 1:5.0.45+dfsg-1+deb11u1 or later
Is CVE-2024-36464 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:5.0.45+dfsg-1+deb11u1
- from 0, < 1:5.0.45+dfsg-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |