CVE-2022-23131

EUVD-2022-28222
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
ZabbixCNA
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
zabbixzabbix
5.4.0 ≤
𝑥
≤ 5.4.8
zabbixzabbix
6.0.0:alpha1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bookworm
1:6.0.14+dfsg-1
fixed
bullseye
1:5.0.8+dfsg-1
fixed
bullseye (security)
1:5.0.44+dfsg-1+deb11u1
fixed
sid
1:7.0.5+dfsg-1
fixed
trixie
1:7.0.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zabbix
bionic
not-affected
focal
not-affected
hirsute
ignored
impish
ignored
jammy
not-affected
kinetic
ignored
lunar
ignored
mantic
not-affected
noble
dne
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://support.zabbix.com/browse/ZBX-20350
https://support.zabbix.com/browse/ZBX-20350
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23131