← Voltar para CVEs
CVE-2022-23131
CRITICALCISA KEV9.1
Descricao
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Detalhes CVE
Pontuacao CVSS v3.19.1
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/13/2022
Ultima modificacao10/30/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorZabbix
ProdutoFrontend
Nome da vulnerabilidadeZabbix Frontend Authentication Bypass Vulnerability
Data inclusao KEV2022-02-22
Prazo de remediacao2022-03-08
Uso em ransomwareUnknown
Produtos afetados
zabbix:zabbix
Fraquezas (CWE)
CWE-290CWE-290
Referencias
https://support.zabbix.com/browse/ZBX-20350(security@zabbix.com)
https://support.zabbix.com/browse/ZBX-20350(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23131(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.