Описание
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
Релиз | Статус | Примечание |
---|---|---|
devel | not-affected | |
esm-apps/bionic | needs-triage | |
esm-apps/focal | needs-triage | |
esm-apps/jammy | needs-triage | |
esm-apps/xenial | needs-triage | |
esm-infra-legacy/trusty | needs-triage | |
focal | ignored | end of standard support, was needs-triage |
jammy | needs-triage | |
noble | DNE | |
oracular | not-affected | 1:7.0.2+dfsg-1 |
Показывать по
8.8 High
CVSS3
Связанные уязвимости
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
A bug in the code allows an attacker to sign a forged zbx_session cook ...
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
Уязвимость механизма аутентификации Single sign-on (SSO) универсальной системы мониторинга Zabbix, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии
8.8 High
CVSS3