Improper Authentication in Zabbix - CVE-2022-23131

 

Published: February 23, 2022 / Updated: September 20, 2024


Vulnerability identifier: #VU60811
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2022-23131
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Zabbix
Affected software: Zabbix

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass the SAML authentication process.

The vulnerability exists due to unsafe handling of session data stored in client-side local storage when SAML SSO authentication is in use. A remote attacker who knows a valid username can bypass SAML SSO authentication and gain administrative access to the Zabbix Frontend.

Successful exploitation requires SAML SSO authentication to be enabled (it is disabled by default).
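The root cause named above, session state kept on the client side and trusted without integrity protection, is illustrated below with an added example. This is not Zabbix's code and does not reproduce the Zabbix session format: the handler names, the session fields (`username`, `saml_authenticated`), the signing key and the sample blobs are all constructed for this illustration. The weak handler believes whatever blob the client presents; the hardened handler only accepts blobs carrying a valid server-side HMAC, so a blob altered on the client is rejected before any of its fields are read.

```python
"""Client-held session data: unsigned (weak) vs HMAC-signed (hardened).

Hypothetical example; names, fields and keys are constructed and are not
taken from the Zabbix code base.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed server-side secret. A real deployment loads this from
# protected configuration, never from anything the client can read.
SERVER_KEY = secrets.token_bytes(32)


def encode_session(data: dict) -> str:
    """Serialise session data the way an unsigned client-side store might."""
    return base64.urlsafe_b64encode(json.dumps(data).encode()).decode()


def decode_session(blob: str) -> dict:
    """Inverse of encode_session; raises ValueError on malformed input."""
    return json.loads(base64.urlsafe_b64decode(blob.encode()))


# --- Weak pattern: the server trusts the client-held blob as-is -----------
def weak_is_authenticated(blob: str) -> bool:
    """Reads an 'authenticated' flag that only the client controls."""
    try:
        data = decode_session(blob)
    except ValueError:
        return False
    return bool(data.get("saml_authenticated")) and "username" in data


# --- Hardened pattern: sign on the server, verify before trusting ---------
def sign_session(data: dict, key: bytes = SERVER_KEY) -> str:
    """Attach an HMAC-SHA256 tag so the server can detect client tampering."""
    payload = encode_session(data)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def strong_is_authenticated(signed_blob: str, key: bytes = SERVER_KEY) -> bool:
    """Accept the blob only if its tag verifies; reject everything else."""
    try:
        payload, tag = signed_blob.rsplit(".", 1)
    except ValueError:          # no tag at all (e.g. an unsigned blob)
        return False
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False            # payload or tag was modified
    try:
        data = decode_session(payload)
    except ValueError:
        return False
    return bool(data.get("saml_authenticated")) and "username" in data


def demo() -> dict:
    """Constructed scenario comparing both handlers on the same inputs."""
    # Unsigned blob as a weak server might issue it before the SAML flow completes.
    issued = encode_session({"username": "alice", "saml_authenticated": False})
    # Same structure after the flag was flipped in client-side storage.
    altered = encode_session({"username": "alice", "saml_authenticated": True})
    # Blob the hardened server issues after a genuinely completed SAML flow.
    genuine = sign_session({"username": "alice", "saml_authenticated": True})
    # Signed blob whose payload was changed on the client; the tag no longer matches.
    _, tag = genuine.rsplit(".", 1)
    tampered = encode_session({"username": "bob", "saml_authenticated": True}) + "." + tag
    return {
        "weak_rejects_issued": not weak_is_authenticated(issued),
        "weak_accepts_altered": weak_is_authenticated(altered),
        "strong_rejects_unsigned": not strong_is_authenticated(altered),
        "strong_accepts_genuine": strong_is_authenticated(genuine),
        "strong_rejects_tampered": not strong_is_authenticated(tampered),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The design point is that the fix is not stricter parsing of the client blob but removing the client's ability to assert authentication state at all: either keep the session server-side and hand out only an opaque identifier, or, as here, bind the stored state to a server-held key so that any change invalidates it. The HMAC comparison uses `hmac.compare_digest` to avoid leaking the tag through timing differences.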


How to mitigate CVE-2022-23131

Install updates from the vendor's website.

Sources