CVE-2024-42325: Excessive information returned by user.get

2.1 CVSS

Description

The Zabbix API method user.get returns all users that share a common group with the calling user. The returned data includes media and other information, such as login attempts.

Classification

CVE ID: CVE-2024-42325

CVSS Base Severity: LOW

CVSS Base Score: 2.1

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

Affected Products

Vendor: Zabbix

Product: Zabbix

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.54% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-42325
https://support.zabbix.com/browse/ZBX-26258

Timeline