In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x before 5.2.4rc1, and 5.3.x and 5.4.x before 5.4.0alpha1, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls disableSIDValidation inside the init() method.

https://support.zabbix.com/browse/ZBX-18942
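To check installed frontends against the version ranges quoted above, the following is an added example (not part of the original report and not Zabbix code). The host names and versions in the sample inventory are constructed, and treating branches newer than 5.4 as fixed is an assumption; branches the description does not name are reported as not listed rather than guessed.

```python
import re

# First fixed release per branch, taken from the description above.
FIXED_IN = {
    (4, 0): "4.0.28rc1",
    (5, 0): "5.0.8rc1",
    (5, 1): "5.2.4rc1", (5, 2): "5.2.4rc1",
    (5, 3): "5.4.0alpha1", (5, 4): "5.4.0alpha1",
}
# Pre-release tags sort before the final release of the same x.y.z.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?")


def parse(version):
    """Turn '5.0.8rc1' into a tuple that compares in release order."""
    m = _VERSION.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch), STAGE[stage], int(num or 0))


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    v = parse(version)
    branch = v[:2]
    if branch < (4, 0):
        return "affected"  # "before 4.0.28rc1" also covers older branches
    fix = FIXED_IN.get(branch)
    if fix is None:
        # Assumption: branches newer than 5.4 carry the fix.
        # Branches such as 4.2 or 4.4 are not named in the description.
        return "fixed" if v > parse("5.4.0alpha1") else "not-listed"
    return "affected" if v < parse(fix) else "fixed"


def audit(inventory):
    """Map each host in a {host: version} inventory to its status."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"mon-a": "4.0.27", "mon-b": "5.0.8rc1", "mon-c": "4.4.10"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```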
Created zabbix tracking bugs for this issue:
Affects: fedora-all [bug 1934826]

Created zabbix30 tracking bugs for this issue:
Affects: epel-7 [bug 1934827]

Created zabbix40 tracking bugs for this issue:
Affects: epel-all [bug 1934828]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.