Vulnerability detail

Enriched intelligence for a single CVE

9.1

CVSS
Critical

CVE-2022-23131

PUBLISHED

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML

Exploited in the wild Remote Low complexity No user interaction

Vendor: Zabbix
Product: Frontend
Published: Jan 13, 2022
EPSS: —

Description

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).

cisa nuclei_scanner

CVSS scores

CVSS v3.1 9.1 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitation status

Exploited in the wild

Recorded 2022-02-22 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

https://support.zabbix.com/browse/ZBX-20350

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Feb 22, 2022

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-23131.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

fork-bombed/CVE-2022-23131

github · Created 2024-09-18 15:42:26 UTC · 4 stars

CVE-2022-23131 Zabbix Server SAML authentication exploit

SCAMagic/CVE-2022-23131poc-exp-zabbix-

github · Created 2022-07-22 05:48:23 UTC · 8 stars

CVE-2022-23131漏洞批量检测与利用脚本

Kazaf6s/CVE-2022-23131

github · Created 2022-04-02 18:16:56 UTC · 11 stars

CVE-2022-23131漏洞利用工具开箱即用。

kh4sh3i/CVE-2022-23131

github · Created 2022-02-28 10:37:02 UTC · 13 stars

Zabbix - SAML SSO Authentication Bypass

pykiller/CVE-2022-23131

github · Created 2022-02-24 11:34:27 UTC · 2 stars

1mxml/CVE-2022-23131

github · Created 2022-02-18 14:48:53 UTC · 3 stars

jweny/CVE-2022-23131

github · Created 2022-02-18 08:38:53 UTC · 93 stars

cve-2022-23131 exp

qq1549176285/CVE-2022-23131

github · Created 2022-02-18 03:03:26 UTC · 0 stars

Timeline

CVE ID Reserved

January 11, 2022
CVE Published to Public

January 13, 2022
Added to KEVIntel

February 22, 2022
Detected by Nuclei

April 25, 2025