Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-20350

Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML (CVE-2022-23131)

    XMLWordPrintable

Details

    • Team C
    • Sprint 83 (Dec 2021)
    • 1

    Description

      CVE number CVE-2022-23131
      CVSS score 9.1
      Severity Critical
      Summary Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
      Description In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
      Known attack vectors Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend.
      To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
      Resolution To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to appropriate products or if an immediate update is not possible, follow the presented below workarounds.
      Acknowledgements Zabbix wants to thank Thomas Chauchefoin from SonarSource for reporting this issue to us
      Affected versions 5.4.0 - 5.4.8
      6.0.0alpha1
      Workarounds Disable SAML authentication

      Attachments

        Issue Links

          Activity

            People

              averza Andrejs Verza
              palivoda Rostislav Palivoda
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: