SB2022011754 - Fedora EPEL 7 update for zabbix50




Published: January 17, 2022

Security Bulletin ID: SB2022011754
Severity: High
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 25%, Medium: 25%, Low: 50%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-23132)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because, during Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is used to access PID files in the [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permission checks at the file system level.


2) Stored cross-site scripting (CVE-ID: CVE-2022-23133)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing host groups. A remote user can permanently inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Improper access control (CVE-ID: CVE-2022-23134)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions to certain steps of the setup.php file. A remote non-authenticated attacker can bypass implemented security restrictions and change the configuration of Zabbix Frontend.


4) Improper Authentication (CVE-ID: CVE-2022-23131)

The vulnerability allows a remote attacker to bypass the SAML authentication process.

The vulnerability exists due to unsafe usage of session data stored in local storage when using SAML SSO authentication. A remote attacker with knowledge of a valid username can bypass SAML SSO authentication and gain administrative access to Zabbix Frontend.

Successful exploitation of the vulnerability requires that SAML SSO authentication is enabled (it is disabled by default).


Remediation

Install the update from the vendor's website.