← Retour aux CVEs
CVE-2022-23131
CRITICALCISA KEV9.1
Description
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Details CVE
Score CVSS v3.19.1
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie1/13/2022
Derniere modification10/30/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurZabbix
ProduitFrontend
Nom vulnerabiliteZabbix Frontend Authentication Bypass Vulnerability
Date ajout KEV2022-02-22
Date limite remediation2022-03-08
Utilise dans ransomwareUnknown
Produits affectes
zabbix:zabbix
Faiblesses (CWE)
CWE-290CWE-290
References
https://support.zabbix.com/browse/ZBX-20350(security@zabbix.com)
https://support.zabbix.com/browse/ZBX-20350(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23131(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.