CVE-2022-23131
Published: 13 January 2022
In instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because the user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to the Zabbix Frontend. To perform the attack, SAML authentication must be enabled and the actor has to know the username of a Zabbix user (or use the guest account, which is disabled by default).
Priority
Status
Package | Release | Status
---|---|---
zabbix (Launchpad, Ubuntu, Debian) | bionic | Not vulnerable (code not present)
zabbix | focal | Not vulnerable (code not present)
zabbix | hirsute | Ignored (end of life)
zabbix | impish | Ignored (end of life)
zabbix | jammy | Not vulnerable (code not present)
zabbix | kinetic | Ignored (end of life, was needs-triage)
zabbix | lunar | Ignored (end of life, was needs-triage)
zabbix | mantic | Not vulnerable (5.4.9)
zabbix | trusty | Not vulnerable (code not present)
zabbix | upstream | Released (5.4.9)
zabbix | xenial | Not vulnerable (code not present)

Patches:
- upstream: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/b0f916a867a4d82aaeb569eedd651fe48a52c91c
- upstream: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/eea1f70ac668d297b02ab5df93451bd170900ef2
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |