CVE-2022-23133 - OpenCVE

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Zabbix	Zabbix

Configuration 1 [-]

OR	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/
https://support.zabbix.com/browse/ZBX-20388

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zabbix

Published: 2022-01-13T15:50:41.726421Z

Updated: 2024-09-16T21:08:55.904Z

Reserved: 2022-01-11T00:00:00

Link: CVE-2022-23133

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-13T16:15:08.170

Modified: 2023-11-07T03:44:04.887

Link: CVE-2022-23133

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Frontend", "vendor": "Zabbix", "versions": [{"status": "affected", "version": "5.0.0 \u2013 5.0.18"}, {"status": "affected", "version": "5.4.0 \u2013 5.4.8"}, {"lessThan": "5.0.19*", "status": "unaffected", "version": "5.0.19", "versionType": "custom"}, {"lessThan": "5.4.9*", "status": "unaffected", "version": "5.4.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Zabbix wants to thank Hazem Osama for reporting this issue to us"}], "datePublic": "2021-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-23T03:06:27", "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.zabbix.com/browse/ZBX-20388"}, {"name": "FEDORA-2022-dfe346f53f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"name": "FEDORA-2022-1a667b0f90", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}], "solutions": [{"lang": "en", "value": "To remediate this vulnerability, apply the updates."}], "source": {"discovery": "EXTERNAL"}, "title": "Stored XSS in host groups configuration window in Zabbix Frontend", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@zabbix.com", "DATE_PUBLIC": "2021-12-08T14:30:00.000Z", "ID": "CVE-2022-23133", "STATE": "PUBLIC", "TITLE": "Stored XSS in host groups configuration window in Zabbix Frontend"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Frontend", "version": {"version_data": [{"version_affected": "=", "version_name": "5.0.0 \u2013 5.0.18", "version_value": "5.0.0 \u2013 5.0.18"}, {"version_affected": "=", "version_name": "5.4.0 \u2013 5.4.8", "version_value": "5.4.0 \u2013 5.4.8"}, {"version_affected": "!>=", "version_name": "5.0.19", "version_value": "5.0.19"}, {"version_affected": "!>=", "version_name": "5.4.9", "version_value": "5.4.9"}]}}]}, "vendor_name": "Zabbix"}]}}, "credit": [{"lang": "eng", "value": "Zabbix wants to thank Hazem Osama for reporting this issue to us"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://support.zabbix.com/browse/ZBX-20388", "refsource": "MISC", "url": "https://support.zabbix.com/browse/ZBX-20388"}, {"name": "FEDORA-2022-dfe346f53f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"name": "FEDORA-2022-1a667b0f90", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}]}, "solution": [{"lang": "en", "value": "To remediate this vulnerability, apply the updates."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:19.878Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.zabbix.com/browse/ZBX-20388"}, {"name": "FEDORA-2022-dfe346f53f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"name": "FEDORA-2022-1a667b0f90", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}]}]}, "cveMetadata": {"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "assignerShortName": "Zabbix", "cveId": "CVE-2022-23133", "datePublished": "2022-01-13T15:50:41.726421Z", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2024-09-16T21:08:55.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5754717-C846-47CA-81C2-D2BA46BED5AD", "versionEndIncluding": "5.0.18", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "19429F9A-8623-4BA9-984B-4982418C21CD", "versionEndIncluding": "5.4.8", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "0DC67B03-AF43-45C9-8EAC-D60DA5887712", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts."}, {"lang": "es", "value": "Un usuario autenticado puede crear un grupo de hosts desde la configuraci\u00f3n con el payload de tipo XSS, que estar\u00e1 disponible para otros usuarios. Cuando un actor malicioso autenticado almacena XSS y otros usuarios intentan buscar grupos durante la creaci\u00f3n de nuevos hosts, la carga \u00fatil de tipo XSS se dispara y el actor puede robar las cookies de sesi\u00f3n y llevar a cabo un secuestro de sesi\u00f3n para suplantar a los usuarios o hacerse con sus cuentas"}], "id": "CVE-2022-23133", "lastModified": "2023-11-07T03:44:04.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@zabbix.com", "type": "Secondary"}]}, "published": "2022-01-13T16:15:08.170", "references": [{"source": "security@zabbix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"source": "security@zabbix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}, {"source": "security@zabbix.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://support.zabbix.com/browse/ZBX-20388"}], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@zabbix.com", "type": "Secondary"}]}