{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-36464","assignerOrgId":"72de3e22-0555-4a0d-ae81-9249e0f0a1e8","state":"PUBLISHED","assignerShortName":"Zabbix","dateReserved":"2024-05-28T11:21:24.946Z","datePublished":"2024-11-27T14:01:58.136Z","dateUpdated":"2025-11-03T21:55:14.745Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["API","Frontend","Server"],"product":"Zabbix","repo":"https://git.zabbix.com/","vendor":"Zabbix","versions":[{"changes":[{"at":"6.0.30rc1","status":"unaffected"}],"lessThanOrEqual":"6.0.29","status":"affected","version":"6.0.0","versionType":"git"},{"changes":[{"at":"6.4.16rc1","status":"unaffected"}],"lessThanOrEqual":"6.4.15","status":"affected","version":"6.4.0","versionType":"git"},{"changes":[{"at":"7.0.1rc1","status":"unaffected"}],"lessThanOrEqual":"7.0.0","status":"affected","version":"7.0.0alpha1","versionType":"git"}]}],"credits":[{"lang":"en","type":"reporter","value":"Zabbix wants to thank Jayateertha G for submitting this report on the HackerOne bug bounty platform."}],"datePublic":"2024-10-30T13:37:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."}],"value":"When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords."}],"impacts":[{"descriptions":[{"lang":"en","value":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":2.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-256","description":"CWE-256 Plaintext Storage of a Password","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"72de3e22-0555-4a0d-ae81-9249e0f0a1e8","shortName":"Zabbix","dateUpdated":"2024-11-27T14:01:58.136Z"},"references":[{"url":"https://support.zabbix.com/browse/ZBX-25630"}],"source":{"discovery":"EXTERNAL"},"title":"Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-27T14:27:15.357237Z","id":"CVE-2024-36464","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-27T14:28:40.384Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:55:14.745Z"}}]}}