Red Hat Bugzilla – Bug 1095926
CVE-2014-1685 zabbix: unauthorized modification of user media via Zabbix Admin users
Last modified: 2015-09-05 14:58:25 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1685 to
the following vulnerability:
The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and
2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the
media of arbitrary users via unspecified vectors.
Current Fedora has zabbix-2.0.11
Current EPEL5 has zabbix20-2.0.11
Current EPEL6 has zabbix-1.8.20, zabbix20-2.0.11, zabbix22-2.2.1 (this last one is still vulnerable)
Created zabbix22 tracking bugs for this issue:
Affects: epel-6 [bug 1095927]
Oh, nevermind the 2 updates!
zabbix-2.0.12-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
zabbix-2.0.12-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.