{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36464", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "state": "PUBLISHED", "assignerShortName": "Zabbix", "dateReserved": "2024-05-28T11:21:24.946Z", "datePublished": "2024-11-27T14:01:58.136Z", "dateUpdated": "2024-11-27T14:28:40.384Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["API", "Frontend", "Server"], "product": "Zabbix", "repo": "https://git.zabbix.com/", "vendor": "Zabbix", "versions": [{"changes": [{"at": "6.0.30rc1", "status": "unaffected"}], "lessThanOrEqual": "6.0.29", "status": "affected", "version": "6.0.0", "versionType": "git"}, {"changes": [{"at": "6.4.16rc1", "status": "unaffected"}], "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "git"}, {"changes": [{"at": "7.0.1rc1", "status": "unaffected"}], "lessThanOrEqual": "7.0.0", "status": "affected", "version": "7.0.0alpha1", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform."}], "datePublic": "2024-10-30T13:37:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."}], "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."}], "impacts": [{"descriptions": [{"lang": "en", "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2024-11-27T14:01:58.136Z"}, "references": [{"url": "https://support.zabbix.com/browse/ZBX-25630"}], "source": {"discovery": "EXTERNAL"}, "title": "Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T14:27:15.357237Z", "id": "CVE-2024-36464", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T14:28:40.384Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2ABA3CB-37C8-4E16-920F-C04057E4AC59", "versionEndExcluding": "6.0.30", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "36624607-A007-47B9-87E1-E9FA33D63F69", "versionEndExcluding": "6.4.15", "versionStartIncluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."}, {"lang": "es", "value": "Al exportar tipos de medios, la contrase\u00f1a se exporta en el YAML en texto plano. Esto parece ser un problema de tipo de mejores pr\u00e1cticas y es posible que no tenga un impacto real. El usuario necesitar\u00eda tener permisos para acceder a los tipos de medios y, por lo tanto, se esperar\u00eda que tuviera acceso a estas contrase\u00f1as."}], "id": "CVE-2024-36464", "lastModified": "2025-10-08T15:31:21.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security@zabbix.com", "type": "Secondary"}]}, "published": "2024-11-27T14:15:17.830", "references": [{"source": "security@zabbix.com", "tags": ["Vendor Advisory"], "url": "https://support.zabbix.com/browse/ZBX-25630"}], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "security@zabbix.com", "type": "Secondary"}]}

{}

{}