daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-23134.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-03-08 10:36:27 -05:00
parent 613ff3f1eb
commit 303f6f71c6
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2022/CVE-2022-23134.yaml
View File

@ -4,7 +4,7 @@ info:
name: Zabbix Setup Configuration - Unauthenticated Access
author: bananabr
severity: medium
description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
reference:
- https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
- https://nvd.nist.gov/vuln/detail/CVE-2022-23134
@ -36,4 +36,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/03/08