On instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because the user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to the Zabbix Frontend. To perform the attack, SAML authentication must be enabled and the actor has to know the username of a Zabbix user (or use the guest account, which is disabled by default).
Published 2022-01-13 16:15:08
Updated 2022-01-19 21:08:11
Source Zabbix
View at NVD, CVE.org

CVE-2022-23131 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Zabbix Frontend Authentication Bypass Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.
Added on: 2022-02-22
Action due date: 2022-03-08

Exploit prediction scoring system (EPSS) score for CVE-2022-23131

96.97%: probability of exploitation activity in the next 30 days
~100%: percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-23131

Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | Zabbix |

CWE ids for CVE-2022-23131

  • This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
    Assigned by:
    • nvd@nist.gov (Primary)
    • security@zabbix.com (Secondary)

References for CVE-2022-23131

  • https://support.zabbix.com/browse/ZBX-20350
    [ZBX-20350] Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML (CVE-2022-23131) - ZABBIX SUPPORT
    Issue Tracking; Patch; Vendor Advisory

Products affected by CVE-2022-23131
