Zabbix: Unauthorized Group Addition Vulnerability Discovered - Proactive Insights and Support For Open-Source Applications

In Zabbix versions 5.0.0 <= 5.0.42, 6.0.0 <= 6.0.32, 6.4.0 <= 6.4.17, and 7.0.0 <= 7.0.1rc1 a high severity vulnerability CVE-2024-36467 was detected. This vulnerability allows authenticated users with API access (users with the default User role) to add themselves to any group, such as Zabbix Administrators, except for groups that are disabled or have restricted GUI access. Currently there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36467.