Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-20350

Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML (CVE-2022-23131)

XMLWordPrintable

    • Team C
    • Sprint 83 (Dec 2021)
    • 1

      CVE number CVE-2022-23131
      CVSS score 9.1
      Severity Critical
      Summary Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
      Description In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
      Known attack vectors Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend.
      To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
      Resolution To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to appropriate products or if an immediate update is not possible, follow the presented below workarounds.
      Acknowledgements Zabbix wants to thank Thomas Chauchefoin from SonarSource for reporting this issue to us
      Affected versions 5.4.0 - 5.4.8
      6.0.0alpha1
      Workarounds Disable SAML authentication

            averza Andrejs Verza
            palivoda Rostislav Palivoda
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: