Zabbix Critical Severity Vulnerability

Collapse
X
 
  • Time
  • Show
Clear All
new posts
alexthefifth (Junior Member), Feb 2019

#1

We just received the notice regarding these Zabbix vulnerabilities:

1. Critical severity - Unsafe client-side session storage leading to authentication bypass / instance takeover via Zabbix Frontend with configured SAML
2. Medium severity - Possible remote code execution in Zabbix Java Gateway with logback version 1.2.7 and prior versions. Please be aware it is not the log4j library; Zabbix products are NOT AFFECTED by the Log4j exploit
3. Medium severity - Possible view of the setup pages by non-super admin
4. Medium severity - Stored XSS in host groups configuration window in Zabbix Frontend

CVEs have not been published yet; we recommend that you remediate these vulnerabilities by applying the updates listed in the 'Fixed Version' below to the appropriate products.
As an additional measure, for customers who use Zabbix Java Gateway, we also recommend checking the permissions of the /etc/zabbix/zabbix_java_gateway_logback.xml file and setting it read-only if the "zabbix" user has write permission to it.

Affected version

• Zabbix Frontend: 4.0.36; 5.0.18; 5.4.8
• Zabbix Java Gateway: 4.0.36; 5.0.18; 5.4.8

Fixed Version

• Zabbix Frontend: 4.0.37; 5.0.19; 5.4.9
• Zabbix Java Gateway: 4.0.37; 5.0.19; 5.4.9

Regarding item #1, I assume it is referring to this optional feature? https://www.zabbix.com/documentation...x/install/okta

If we never used/configured SAML, are we still vulnerable?
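The interim mitigation quoted in the notice for item #2 (make the Java Gateway logback configuration read-only if the "zabbix" service user can write it) can be checked from a shell. The script below is an added example, not part of the original post or of the Zabbix notice. It assumes the default file path from the notice and that the Java Gateway runs as the "zabbix" user; it inspects mode bits only (group/other write, plus owner write when the file is owned by that user), and the hardening step simply removes every write bit so that root can still edit the file but the service user cannot.

```shell
#!/bin/sh
# Added example: verify and apply the "make the logback config read-only"
# mitigation for the Zabbix Java Gateway. Assumed path from the notice.
LOGBACK_CONF="${LOGBACK_CONF:-/etc/zabbix/zabbix_java_gateway_logback.xml}"

# logback_conf_is_readonly FILE [SERVICE_USER]
# Returns 0 if the file cannot be written by the service user according to its
# mode bits, 1 if it can (group/other write, or owner write when owned by the
# service user), 2 if the file does not exist.
logback_conf_is_readonly() {
    f="$1"
    svc_user="${2:-zabbix}"   # assumed service account name
    [ -f "$f" ] || return 2
    # find prints the path only when g+w or o+w is set on it
    if [ -n "$(find "$f" -prune \( -perm -g+w -o -perm -o+w \) -print 2>/dev/null)" ]; then
        return 1
    fi
    # If the service user exists and owns the file, its own write bit matters too
    if id "$svc_user" >/dev/null 2>&1 \
       && [ -n "$(find "$f" -prune -user "$svc_user" -perm -u+w -print 2>/dev/null)" ]; then
        return 1
    fi
    return 0
}

# Strip every write bit: root can still edit the file, the service user cannot.
harden_logback_conf() {
    chmod a-w "$1"
}

# Human-readable report for LOGBACK_CONF; returns the same code as the check
# and never exits the shell, so it is safe to call from other scripts.
report_logback_conf() {
    rc=0
    logback_conf_is_readonly "$LOGBACK_CONF" || rc=$?
    case $rc in
        0) echo "OK: $LOGBACK_CONF is not writable by the service user" ;;
        1) echo "WARN: $LOGBACK_CONF is writable; remediate with: chmod a-w $LOGBACK_CONF" ;;
        *) echo "INFO: $LOGBACK_CONF not found (Java Gateway not installed on this host?)" ;;
    esac
    return $rc
}

report_logback_conf
```

Run it as root on each host that runs the Java Gateway; a WARN line means the file should be hardened with `harden_logback_conf` (or the printed chmod) until the fixed packages are installed. The permanent fix remains upgrading to the versions listed under 'Fixed Version'.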