Bug 2251871 (CVE-2023-32723)

Summary: CVE-2023-32723 zabbix: inefficient permission check in class CControllerAuthenticationUpdate
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: high
Priority: high
Version: unspecified
Keywords: Security
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 2251872

Description Marian Rehak 2023-11-28 06:31:59 UTC
This vulnerability is causing unauthorized Server-Side Request Forgery (SSRF) in Zabbix Frontend. The attack involves an attacker abusing server functionality to access or modify resources. The attacker targets an application that supports data reads or imports from URLs.

Reference:

https://support.zabbix.com/browse/ZBX-23230

Comment 1 Marian Rehak 2023-11-28 06:32:12 UTC
Created zabbix tracking bugs for this issue:

Affects: fedora-all [bug 2251872]