Type | Defect (Security) |
Resolution | Fixed |
Priority | Major |
Mitre ID | CVE-2023-32723 |
CVSS score | 8.5 https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N |
Severity | high |
Summary | Inefficient permission check in class CControllerAuthenticationUpdate |
Description | Request to LDAP is sent before user permissions are checked. |
Known attack vectors | This vulnerability causes an unauthorized Server-Side Request Forgery (SSRF) in the Zabbix Frontend. The attack consists of an attacker abusing server-side functionality to access or modify resources; the attacker targets an application that reads or imports data from URLs. |
Patch provided | No |
Component/s | Frontend |
Affected version/s and fix version/s | 4.0.0 - 4.0.19rc1 / 4.0.20rc1; 4.4.0 - 4.4.7rc1 / 4.4.8rc1; 5.0.0alpha3 / 5.0.0alpha4 |
Fix compatibility tests | - |
Resolution | Fixed |
Workarounds | |
Acknowledgements | Zabbix wants to thank xiaojunjie |
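The description above ("request to LDAP is sent before user permissions are checked") is an ordering defect: a controller performs an outbound connection driven by request input before it has established that the caller is allowed to configure authentication at all. The following PHP snippet is an added illustration and is not Zabbix code; the class names `AuthenticationUpdateController`, `VulnerableController`, `FixedController`, the `LdapProbe` interface and the sample request values are all hypothetical. It contrasts the vulnerable ordering with the corrected one and records which outbound connections each ordering attempts for a low-privileged caller.

```php
<?php
// Added illustration (not Zabbix code) of the ordering defect behind
// CVE-2023-32723: contacting a caller-supplied LDAP host before checking
// the caller's permissions lets a low-privileged user make the server
// issue requests on their behalf (SSRF). All names here are hypothetical.

declare(strict_types=1);

final class User {
    public function __construct(
        public readonly string $name,
        public readonly bool $isSuperAdmin,
    ) {}
}

interface LdapProbe {
    public function testConnection(string $host, int $port): bool;
}

// Records every outbound connection attempt so the two orderings can be compared.
final class RecordingLdapProbe implements LdapProbe {
    /** @var list<string> */
    public array $attempts = [];

    public function testConnection(string $host, int $port): bool {
        $this->attempts[] = "$host:$port";
        return true; // constructed: pretend the LDAP bind succeeded
    }
}

abstract class AuthenticationUpdateController {
    public function __construct(protected LdapProbe $ldap) {}

    /** Only super-admins may change authentication settings (assumption). */
    protected function checkPermissions(User $user): bool {
        return $user->isSuperAdmin;
    }

    /** @param array{ldap_host: string, ldap_port: int} $input */
    abstract public function handle(User $user, array $input): string;
}

// Vulnerable ordering: the LDAP host taken from the request is contacted
// during input validation, i.e. before the permission check runs.
final class VulnerableController extends AuthenticationUpdateController {
    public function handle(User $user, array $input): string {
        // "Validation" with a side effect: an outbound network connection.
        $this->ldap->testConnection($input['ldap_host'], $input['ldap_port']);
        if (!$this->checkPermissions($user)) {
            return '403 Forbidden'; // too late: the request already left the server
        }
        return '200 settings updated';
    }
}

// Fixed ordering: authorize first; untrusted input reaches the network only
// once the caller is known to be allowed to configure LDAP at all.
final class FixedController extends AuthenticationUpdateController {
    public function handle(User $user, array $input): string {
        if (!$this->checkPermissions($user)) {
            return '403 Forbidden'; // no side effects have happened yet
        }
        $this->ldap->testConnection($input['ldap_host'], $input['ldap_port']);
        return '200 settings updated';
    }
}

// Constructed request from a low-privileged user whose ldap_host points at a
// host the user should not be able to reach through the server.
$lowPriv = new User('reporter', isSuperAdmin: false);
$request = ['ldap_host' => 'ldap.internal.example', 'ldap_port' => 389]; // constructed

$controllers = [
    'vulnerable' => VulnerableController::class,
    'fixed'      => FixedController::class,
];
foreach ($controllers as $label => $class) {
    $probe  = new RecordingLdapProbe();
    $status = (new $class($probe))->handle($lowPriv, $request);
    printf(
        "%-10s -> %s, outbound attempts: %s\n",
        $label,
        $status,
        $probe->attempts ? implode(', ', $probe->attempts) : 'none'
    );
}
```

Both controllers return the same HTTP status to the low-privileged caller, which is why this class of bug is easy to miss in functional testing; the difference is only visible in what the server did before answering. A useful review heuristic is that any step with an external side effect (network connection, file write, e-mail) must come after the permission check, and a test that injects a recording stub like `RecordingLdapProbe` can assert that an unauthorized caller produces zero outbound attempts.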