PRP: Request CVE-2022-23131 Zabbix SAML Authentication Bypass vulnerability #228

Closed
hh-hunter opened this issue Feb 21, 2022 · 6 comments
@hh-hunter
Contributor

Hello.

I would like to start implementing a plugin to detect CVE-2022-23131.
This vulnerability should be relatively new and has been patched.

The vulnerability has been assigned a CVE ID (CVSS score >= 7.0) and the severity level of the vulnerability is HIGH or CRITICAL: CVSS score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

With SAML SSO authentication enabled (not the default), a malicious actor can modify session data because the user login stored in the session is not authenticated. An unauthenticated malicious attacker could use this issue to elevate privileges and gain administrator access to the Zabbix frontend. To execute the attack, SAML authentication needs to be enabled and the attacker must know the username of the Zabbix user (or use a guest account that is disabled by default). In an automated attack, a predefined account can be selected to perform the blast.

The vulnerability can be exploited remotely without authentication and user interaction.

For the firing range of this vulnerability, I can provide the vmx image.

Please let me know if this is in scope to start with its development.
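
The flaw described in the request above, session data held by the client whose user login is not authenticated, shown as an added example (a simplified model, not Zabbix or Tsunami code). The field names, key and helper functions are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # constructed; real keys are random and secret


def _canonical(fields: dict) -> bytes:
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_session(fields: dict) -> str:
    """Server side: bind every session field to the server key with an HMAC."""
    sign = hmac.new(SERVER_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    return base64.b64encode(json.dumps({**fields, "sign": sign}).encode()).decode()


def load_session_unverified(cookie: str) -> dict:
    """Flawed pattern: the login sent back by the client is trusted as-is."""
    return json.loads(base64.b64decode(cookie))


def load_session_verified(cookie: str):
    """Hardened pattern: recompute the HMAC over all fields; None on any mismatch."""
    try:
        body = json.loads(base64.b64decode(cookie, validate=True))
    except ValueError:
        return None
    if not isinstance(body, dict) or not isinstance(body.get("sign"), str):
        return None
    sign = body.pop("sign")
    expected = hmac.new(SERVER_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return body if hmac.compare_digest(sign.encode(), expected.encode()) else None


def client_edit(cookie: str, **changes) -> str:
    """Constructed helper: a client altering fields of the cookie it holds."""
    body = json.loads(base64.b64decode(cookie))
    body.update(changes)
    return base64.b64encode(json.dumps(body).encode()).decode()
```

The unverified loader accepts an edited login field, while the verified loader rejects the same cookie because the signature no longer covers its contents.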

@maoning
Collaborator

maoning commented Mar 29, 2022

Hi @hh-hunter,

Since you have opened 2 detector requests about Zabbix, could you implement a Tsunami fingerprint for Zabbix? The result of service fingerprinting would help us determine how relevant Zabbix vulnerabilities are.

@hh-hunter
Contributor Author

No problem. So do I complete the detection first, or the Tsunami fingerprint one first?

@hh-hunter
Contributor Author

@maoning @magl0 Hi, in order for us to solve these problems as soon as possible, can you send me some replies as soon as possible?

@maoning
Collaborator

maoning commented Apr 8, 2022

The Tsunami fingerprint first, please.

@hh-hunter
Contributor Author

hh-hunter commented Apr 9, 2022

@maoning I've opened an issue about Zabbix fingerprinting (#236), but it's not tagged with any categories yet.

@hh-hunter
Contributor Author

@tooryx Before, when I wanted to develop this plugin, I was advised to implement fingerprinting first. I have already implemented the fingerprinting and merged it into the main branch. Can we continue developing this issue?

tooryx added the "Contributor queue" label (When a contributor has already one issue/PR in review, we put the following ones on hold with this.) and removed the PRP:Request label on Feb 1, 2024.

tooryx closed this as completed on Jul 26, 2024.