Zabbix SAML identity bypass vulnerability CVE-2022-23131
Vulnerability Description
Zabbix is a very popular open source monitoring platform for collecting, centralizing, and tracking metrics such as CPU load and network traffic throughout the infrastructure.
We discovered a serious vulnerability in Zabbix’s client session implementation that could lead to damage to the entire network.
Vulnerability Impact
Zabbix
Network surveying and mapping
Vulnerability Reproduction
Login page
Get zbx_session through POC
After replacing, click SAML to log in
This post is licensed under CC BY 4.0 by the author.