CVE-2022-23131
Description
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Severity: CRITICAL
CVE ID: CVE-2022-23131
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVE ID: CVE-2022-23131
CVSS Score: 9.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Proof Of Concept
Nuclei Templates for CVE-2022-23131
Refrence: Project Discovery GitHub
qq1549176285
Refrence: GitHub
jweny
cve-2022-23131 exp
Refrence: GitHub
Mr-xn
cve-2022-23131 zabbix-saml-bypass-exp
Refrence: GitHub
1mxml
Refrence: GitHub
0tt7
Refrence: GitHub
zwjjustdoit
poc
Refrence: GitHub
L0ading-x
cve-2022-23131
Refrence: GitHub
random-robbie
Zabbix SSO Bypass
Refrence: GitHub
trganda
Refrence: GitHub
pykiller
Refrence: GitHub
Fa1c0n35
Refrence: GitHub
kh4sh3i
Zabbix - SAML SSO Authentication Bypass
Refrence: GitHub
Kazaf6s
CVE-2022-23131漏洞利用工具开箱即用。
Refrence: GitHub
SCAMagic
CVE-2022-23131漏洞批量检测与利用脚本
Refrence: GitHub
Vulnmachines
Zabbix-SAML-Bypass: CVE-2022-23131
Refrence: GitHub
wr0x00
Refrence: GitHub
Arrnitage
zabbix saml bypass
Refrence: GitHub
clearcdq
Refrence: GitHub
r10lab
Refrence: GitHub
Content on GitHub
peiqiF4ck | watchers:157
WebFrameworkTools-5.1-main
本软件首先集成危害性较大框架和部分主流cms的rce(无需 登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵 禅道RCE 瑞友天翼应用虚拟化系统sql注入导致RCE大华智慧园区上传,金蝶云星空漏洞等等.
Refrence: GitHub