ZABBIX BUGS AND ISSUES: ZBX-23854

Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget (CVE-2023-32725)


    • Type: Defect (Security)
    • Resolution: Fixed
    • Priority: Critical
    • Server (S)

      Mitre ID CVE-2023-32725
      CVSS score 9.6
      CVSS Severity Critical
      CVSS vector https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
      Summary Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget.
      Description The website configured in the URL widget receives the session cookie when a scheduled report is tested or executed. The received session cookie can then be used to access the frontend as that user.
      Common Weakness Enumeration (CWE) CWE-565 Reliance on Cookies without Validation and Integrity Checking
      Common Attack Pattern Enumeration and Classification (CAPEC) CAPEC-593 Session Hijacking; CAPEC-233 Privilege Escalation
      Known attack vectors Any URL can be configured in a URL widget by a Zabbix user. The Zabbix session cookie may therefore become known to the operator of that website and to an attacker. The attacker can use the cookie to impersonate the Zabbix user who created the report and authenticate to the Zabbix frontend with that user's privileges. Note that scheduled reports are available to the Admin and Super admin user types.
      Patch provided No
      Component/s Server, Web service
      Affected version/s and fix version/s
          6.0.0 - 6.0.21 / 6.0.22rc1
          6.4.0 - 6.4.6 / 6.4.7rc1
          7.0.0alpha1 - 7.0.0alpha3 / 7.0.0alpha4
      Fix compatibility tests None
      Resolution Fixed
      Workarounds Configure only trusted URLs in the URL widget.
      Acknowledgements -
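The workaround is effectively an allowlist of URL widget targets. The audit below is an added example, not code from the Zabbix project or from this issue; it assumes the layout of a `dashboard.get` API response with pages expanded (dashboards, pages, widgets, with a URL widget of type `url` keeping its target in a `fields` entry named `url`) and runs on constructed sample data rather than a live API call.

```python
from urllib.parse import urlparse

# Assumed (not verified against the project) shape of a dashboard.get response with
# pages expanded: dashboards -> pages -> widgets; a URL widget has type "url" and
# keeps its target in a fields entry named "url". Constructed sample, not real data.
SAMPLE_DASHBOARDS = [
    {"dashboardid": "1", "name": "Ops overview", "pages": [{"widgets": [
        {"type": "url", "name": "Runbook",
         "fields": [{"name": "url", "value": "https://wiki.example.internal/runbook"}]},
        {"type": "graph", "name": "CPU", "fields": []}]}]},
    {"dashboardid": "2", "name": "Vendor status", "pages": [{"widgets": [
        {"type": "url", "name": "Status page",
         "fields": [{"name": "url", "value": "https://status.vendor.example/"}]},
        {"type": "url", "name": "Host list",
         "fields": [{"name": "url", "value": "/zabbix/hosts.php"}]}]}]},
]

# Constructed allowlist: hosts the operator has decided may be embedded in reports.
TRUSTED_HOSTS = {"zabbix.example.internal", "wiki.example.internal"}


def widget_url(widget):
    """Return the URL widget's configured target, or "" if the field is absent."""
    return next((f.get("value", "") for f in widget.get("fields", [])
                 if f.get("name") == "url"), "")


def is_trusted(url, trusted_hosts):
    """Relative paths stay on the Zabbix frontend itself; anything naming a host
    (including protocol-relative //host/...) must be on the allowlist."""
    parsed = urlparse(url)
    if not parsed.netloc:
        return not parsed.scheme  # a scheme without a host (e.g. data:) is not trusted
    return parsed.hostname in trusted_hosts


def find_untrusted_url_widgets(dashboards, trusted_hosts=TRUSTED_HOSTS):
    """Return (dashboardid, dashboard name, widget name, url) for each URL widget outside
    the allowlist: on affected versions that site receives the session cookie on report runs."""
    findings = []
    for dash in dashboards:
        for page in dash.get("pages", []):
            for widget in page.get("widgets", []):
                if widget.get("type") == "url":
                    url = widget_url(widget)
                    if not is_trusted(url, trusted_hosts):
                        findings.append((dash["dashboardid"], dash["name"],
                                         widget.get("name", ""), url))
    return findings
```

Feed the result of a real `dashboard.get` call in place of `SAMPLE_DASHBOARDS`; every finding is a widget to correct or remove until the instance runs one of the fixed versions listed above.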

            zabbix.support Zabbix Support Team
            mmelnikovs Maris Melnikovs