Description
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
zabbix | fixed | 1:7.0.1+dfsg-1 | | package |
zabbix | not-affected | | bullseye | package |
Notes
https://support.zabbix.com/browse/ZBX-25635
Fixed by: https://github.com/zabbix/zabbix/commit/6e39148b7361312f730d87e4438f692a2c39d07e (7.0.1rc1)
Fixed by: https://github.com/zabbix/zabbix/commit/48e7615d1e1e3a5f543505cc6cb0a5564a655b58 (6.0.32rc1)
Vulnerable feature introduced with https://github.com/zabbix/zabbix/commit/24e7ca3c792fe3581fdb39c3f7c914c6a4c92500 (6.0.0alpha1)
Related vulnerabilities
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
A vulnerability in the Single sign-on (SSO) authentication mechanism of the Zabbix universal monitoring system that allows an attacker to bypass existing security restrictions and escalate their privileges