CVE-2024-36464

When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.zabbix.com/browse/ZBX-25630	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::

History

03 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html -

08 Oct 2025, 15:31

Type	Values Removed	Values Added
Summary		(es) Al exportar tipos de medios, la contraseña se exporta en el YAML en texto plano. Esto parece ser un problema de tipo de mejores prácticas y es posible que no tenga un impacto real. El usuario necesitaría tener permisos para acceder a los tipos de medios y, por lo tanto, se esperaría que tuviera acceso a estas contraseñas.
CPE		cpe:2.3:a:zabbix:zabbix::::::::
First Time		Zabbix Zabbix zabbix
References	~~() https://support.zabbix.com/browse/ZBX-25630 -~~	() https://support.zabbix.com/browse/ZBX-25630 - Vendor Advisory

27 Nov 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-27 14:15

Updated : 2025-11-03 22:16

NVD link : CVE-2024-36464

Mitre link : CVE-2024-36464

CVE.ORG link : CVE-2024-36464

JSON object : View

Products Affected

zabbix

zabbix

CWE

CWE-256

Unprotected Storage of Credentials

2.7 /10