Immunity, Inc.
Name zabbix_saml_bypass_rce
CVE CVE-2022-23131
Exploit Pack CANVAS
Description zabbix_saml_bypass_rce
Notes CVE Name: CVE-2022-23131
NOTES: CVE-2022-23131 is an unsafe client-side session storage vulnerability that can lead to bypassing authentication
on the Zabbix Frontend when it is configured with SAML authentication. Once authenticated, an attacker can achieve
remote code execution using pre-existing command templates.

Tested against:
- Zabbix 5.4.8
- Zabbix 5.4.0

CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23131
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date public: 01/13/2022
