{"id":"CVE-2014-1682","details":"The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.","modified":"2026-01-27T04:12:31.788188Z","published":"2014-05-08T14:29:14Z","withdrawn":"2026-01-27T04:12:31.788188Z","related":["MGASA-2014-0095"],"references":[{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/65402"},{"type":"WEB","url":"https://support.zabbix.com/browse/ZBX-7703"}],"schema_version":"1.7.3"}