Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-jked-29nn-tqe3
SummaryAn authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
Aliases
0
alias CVE-2024-36467
Fixed_packages
0
url pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18kh-njx3-p7aw
1
vulnerability VCID-53f2-uzt4-pqgs
2
vulnerability VCID-8zqh-3xt2-nbdq
3
vulnerability VCID-bff2-nhum-ckhj
4
vulnerability VCID-dr1v-72p6-2yhn
5
vulnerability VCID-frdw-trch-uufq
6
vulnerability VCID-gapt-kwkw-kkek
7
vulnerability VCID-gj5s-dde8-1ubx
8
vulnerability VCID-nv7m-hsr3-17gk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:5.0.8%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/zabbix@1:5.0.44%2Bdfsg-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/zabbix@1:5.0.44%2Bdfsg-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:5.0.44%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/zabbix@1:7.0.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.2%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1.1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1.1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18kh-njx3-p7aw
1
vulnerability VCID-21tq-54r3-cqec
2
vulnerability VCID-2jas-5kc1-puat
3
vulnerability VCID-35gu-ctk8-2yd2
4
vulnerability VCID-3azv-fsyx-n3fz
5
vulnerability VCID-3stx-z7ze-wbe8
6
vulnerability VCID-53f2-uzt4-pqgs
7
vulnerability VCID-547k-dyst-k3gx
8
vulnerability VCID-5t3t-6uqs-akbk
9
vulnerability VCID-75fb-vhhc-fbe8
10
vulnerability VCID-7ajm-my3d-7fgy
11
vulnerability VCID-8eb9-mxpg-5kf2
12
vulnerability VCID-8zqh-3xt2-nbdq
13
vulnerability VCID-ambh-afzs-2kg9
14
vulnerability VCID-beqm-vczf-dqgj
15
vulnerability VCID-bff2-nhum-ckhj
16
vulnerability VCID-buz8-zycr-tbh2
17
vulnerability VCID-dr1v-72p6-2yhn
18
vulnerability VCID-fefk-6mjh-67fm
19
vulnerability VCID-frdw-trch-uufq
20
vulnerability VCID-gapt-kwkw-kkek
21
vulnerability VCID-gj5s-dde8-1ubx
22
vulnerability VCID-h5fw-ktc6-rqd3
23
vulnerability VCID-hhsz-ba47-zka4
24
vulnerability VCID-jate-jey2-n3g1
25
vulnerability VCID-jkcz-zpks-ubgz
26
vulnerability VCID-jked-29nn-tqe3
27
vulnerability VCID-jx4z-thz3-rbdw
28
vulnerability VCID-jy3a-zvh4-b3ag
29
vulnerability VCID-kfz9-wq8k-nkb3
30
vulnerability VCID-m5us-tmqh-wkbm
31
vulnerability VCID-mpy5-d7qa-u7fz
32
vulnerability VCID-n38c-6usb-tkgq
33
vulnerability VCID-nv7m-hsr3-17gk
34
vulnerability VCID-pgj4-u64z-17bt
35
vulnerability VCID-pr1g-m4k2-1ue1
36
vulnerability VCID-sc8u-4w9c-23ev
37
vulnerability VCID-t864-v2g6-jbhk
38
vulnerability VCID-tbsd-gk6n-9ygc
39
vulnerability VCID-u4hp-dwsj-53b9
40
vulnerability VCID-ubyg-pbmy-ekds
41
vulnerability VCID-vuzz-by1n-aff9
42
vulnerability VCID-w384-t6ne-s3g7
43
vulnerability VCID-w4dd-77t2-wuc7
44
vulnerability VCID-wurt-zx5x-8kds
45
vulnerability VCID-wv5n-ccn5-fqc2
46
vulnerability VCID-xaqm-x1w4-s3hn
47
vulnerability VCID-xwr8-85au-ukd7
48
vulnerability VCID-ytep-z8dn-vfh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1%3Fdistro=trixie
References
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689
reference_id 1088689
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088689
2
reference_url https://support.zabbix.com/browse/ZBX-25614
reference_id ZBX-25614
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-04T04:55:25Z/
url https://support.zabbix.com/browse/ZBX-25614
Weaknesses
0
cwe_id 285
name Improper Authorization
description The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Exploits
Severity_range_score6.5 - 7.5
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-jked-29nn-tqe3