CVE-2023-32725

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zabbix versions (affected versions not specified)

Description The issue is related to the incorrect handling of security prefixes in cookie names, specifically the zbx session cookie, which can allow a remote attacker to elevate their privileges. When testing or executing scheduled reports, the website configured in the URL widget receives a session cookie, which can then be used to access the frontend as a particular user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-565

Related Identifiers

ALT-PU-2024-3075

ALT-PU-2024-3077

ALT-PU-2024-3365

BDU:2023-09066

CVE-2023-32725

Affected Products

Alt Linux

Astra Linux

Debian

Red Os

Zabbix

CVE-2023-32725

Weakness Enumeration

Related Identifiers

Affected Products

References · 13