CVSS: 9.8EPSS: 97%CPEs: 2EXPL: 8CVE-2022-23131 – Zabbix Frontend Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default). En el caso de las instancias en las que la autenticación SAML SSO está habilitada (no por defecto), los datos de la sesión pueden ser modificados por un actor malicioso, ya que un login de usuario almacenado en la sesión no fue verificado. Un actor malicioso no autenticado puede explotar este problema para escalar privilegios y conseguir acceso de administrador a Zabbix Frontend. • https://github.com/jweny/CVE-2022-23131 https://github.com/kh4sh3i/CVE-2022-23131 https://github.com/Kazaf6s/CVE-2022-23131 https://github.com/1mxml/CVE-2022-23131 https://github.com/r10lab/CVE-2022-23131 https://github.com/trganda/CVE-2022-23131 https://github.com/Vulnmachines/Zabbix-CVE-2022-23131 https://github.com/pykiller/CVE-2022-23131 https://support.zabbix.com/browse/ZBX-20350 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27927
https://notcve.org/view.php?id=CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges. En Zabbix desde las versiones 4.0.x anteriores a 4.0.28rc1, versiones 5.0.0alpha1 anteriores a 5.0.10rc1, versiones 5.2.x anteriores a 5.2.6rc1, y versiones 5.4.0alpha1 anteriores a 5.4.0beta2, el controlador CControllerAuthenticationUpdate carece de un mecanismo de protección CSRF. El código dentro de este controlador llama a diableSIDValidation dentro del método init(). • https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html https://support.zabbix.com/browse/ZBX-18942 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2020-11800
https://notcve.org/view.php?id=CVE-2020-11800
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Zabbix Server versiones 2.2.x y 3.0.x anteriores a 3.0.31 y 3.2, permite a atacantes remotos ejecutar código arbitrario • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html https://support.zabbix.com/browse/DEV-1538 https://support.zabbix.com/browse/ZBX-17600 https://support.zabbix.com/browse/ZBXSEC-30 •
CVSS: 6.1EPSS: 4%CPEs: 18EXPL: 0CVE-2020-15803
https://notcve.org/view.php?id=CVE-2020-15803
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. Zabbix versiones anteriores a 3.0.32rc1, versiones 4.x anteriores a 4.0.22rc1, versiones 4.1.x hasta 4.4.x anteriores a 4.4.10rc1 y versiones 5.x anteriores a 5.0.2rc1, permite un ataque de tipo XSS almacenado en el widget URL • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2013-3738
https://notcve.org/view.php?id=CVE-2013-3738
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de inclusión de archivos en Zabbix versión 2.0.6, debido a un saneamiento inapropiado de las cadenas de petición en los scripts CGI, lo que podría conllevar a un usuario malicioso remoto ejecutar código arbitrario. • http://support.zabbix.com/browse/ZBX-6652 • CWE-20: Improper Input Validation •