A vulnerability was found in Zabbix 5.0.2, where an attacker can use one CSRF token and send requests on the user's behalf, and the token will be valid in every request.

References:
http://almorabea.net/cves/zabbix.txt
Created zabbix tracking bugs for this issue:
Affects: fedora-all [bug 1907498]

Created zabbix30 tracking bugs for this issue:
Affects: epel-7 [bug 1907499]

Created zabbix40 tracking bugs for this issue:
Affects: epel-7 [bug 1907500]
Affects: epel-8 [bug 1907501]
Acknowledgments: Name: Ahmad Almorabea (twitter @almorabea)
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
I can find no other supporting information about this supposed vulnerability.