Grafana & Zabbix Integration - Credentials Disclosure

Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search...

Zabbix <=4.4 - Authentication Bypass

Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

Zabbix - SAML SSO Authentication Bypass

When SAML SSO authentication is enabled non-default, session data can be modified by a malicious actor because a user login stored in the session was not verified. id: CVE-2022-23131 info: name: Zabbix - SAML SSO Authentication Bypass author: For3stCo1d,spac3wh1te severity: critical description:...

Astra Linux – Vulnerability in Zabbix

Users who do not have permission for any host can access and view the number of hosts along with other statistics through the System Information Widget in the Global View Dashboard...

Astra Linux – Vulnerability in Zabbix

Setting the SMS media allows for setting the GSM modem file. This file is later used as a Linux device. But since everything is a file for Linux, it’s possible to set another file, such as a log file. In this case, Zabbixserver will attempt to communicate with it as a modem. As a result, the log...

Astra Linux – Vulnerability in Zabbix

Zabbix Frontend offers a feature that enables administrators to manage the installation and ensure that only certain IP addresses can access it. This way, no user will be able to access the Zabbix Frontend during maintenance, and sensitive data will be protected from being disclosed. An attacker...

Astra Linux – Vulnerability in Zabbix

A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...

Astra Linux – Vulnerability in Zabbix

A verified Zabbix user including guests can cause excessive CPU load on the webserver by sending specially crafted parameters to /imgstore.php, potentially leading to a denial of service...

Astra Linux – Vulnerability in Zabbix

Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...

Astra Linux – Vulnerability in Zabbix

During Zabbix installation from RPM, the DACOVERRIDE SELinux capability is used to access PID files in the /var/run/zabbix folder. In this case, processes of Zabbix Proxy or Server can bypass the file read, write, and execute permission checks at the file system level...

Astra Linux – Vulnerability in Zabbix

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files using zbxjsonopen...

Astra Linux – Vulnerability in Zabbix

Zabbix allows for the configuration of SMS notifications. AT command injection occurs on the “Zabbix Server” because there is no validation of the “Number” field either on the web interface or on the Zabbix server side. An attacker can send specially crafted phone numbers via SMS and execute...

Astra Linux – Vulnerability in Zabbix

The memory pointer is a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation...

Astra Linux – Vulnerability in Zabbix

The Zabbix Agent 2 smartctl plugin does not properly sanitize the parameters of the smart.disk.get command, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0, this allows for remote code execution...

Astra Linux – Vulnerability in Zabbix

When exporting media types, the passwords are exported in plain text within the YAML file. This appears to be a best practices issue and may not actually have any significant impact. The user must have permissions to access the media types, and therefore it is expected that they will have access ...

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a hosts group using the configuration with XSS payload, which will be available to other users. When XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...

Astra Linux – Vulnerability in Zabbix

The implementation of atob in "Zabbix JS" allows for creating a string with arbitrary content and using it to access internal properties of objects...

Astra Linux – Vulnerability in Zabbix

Stored or persistent cross-site scripting XSS is a type of XSS attack where the attacker first sends the malicious payload to the web application. The application then stores the payload e.g., in a database or server-side text files. Eventually, the application inadvertently executes the payload...