CVE-2024-36464

{"id": "CVE-2024-36464", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zabbix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-11-27T14:15:17.830", "references": [{"url": "https://support.zabbix.com/browse/ZBX-25630", "tags": ["Vendor Advisory"], "source": "security@zabbix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zabbix.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."}, {"lang": "es", "value": "Al exportar tipos de medios, la contrase\u00f1a se exporta en el YAML en texto plano. Esto parece ser un problema de tipo de mejores pr\u00e1cticas y es posible que no tenga un impacto real. El usuario necesitar\u00eda tener permisos para acceder a los tipos de medios y, por lo tanto, se esperar\u00eda que tuviera acceso a estas contrase\u00f1as."}], "lastModified": "2025-10-08T15:31:21.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2ABA3CB-37C8-4E16-920F-C04057E4AC59", "versionEndExcluding": "6.0.30", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36624607-A007-47B9-87E1-E9FA33D63F69", "versionEndExcluding": "6.4.15", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@zabbix.com"}