mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-06-20 01:40:20 +00:00
Zabbix Login Bypass (CVE-2022-23131)
Zabbix is an open-source monitoring system that supports network, server, cloud and application monitoring, among others. A login bypass vulnerability exists in Zabbix when SAML SSO authentication is enabled (it is not enabled by default). An unauthenticated attacker could exploit the vulnerability to escalate privileges and gain administrator access to the Zabbix frontend.
FOFA query rule: body="SAML" && (banner="zbx_session=" || header="zbx_session=")