An authenticated user in Zabbix Frontend can exploit a reflected XSS vulnerability to inject malicious JavaScript code, impacting versions 5.0.0-5.0.20, 5.4.0-5.4.10, and 6.0.
An authenticated user can create a link to the items page with reflected JavaScript code inside it and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
Understanding CVE-2022-24918
This CVE involves a reflected cross-site scripting vulnerability in the item configuration window of Zabbix Frontend.
What is CVE-2022-24918?
The vulnerability allows an authenticated user to create a link containing JavaScript code which, when executed, can manipulate the contents of the victim's page during social engineering attacks.
The Impact of CVE-2022-24918
The vulnerability's impact is rated LOW under CVSS. Exploitation has HIGH attack complexity, takes place over the NETWORK, and requires user interaction.
Technical Details of CVE-2022-24918
Vulnerability Description
The vulnerability enables an authenticated user to inject and execute malicious JavaScript code on the victim's page, potentially leading to unauthorized data manipulation.
Affected Systems and Versions
The Zabbix Frontend versions affected by this vulnerability include 5.0.0 to 5.0.20, 5.4.0 to 5.4.10, and 6.0. Users with versions 5.0.21rc1, 5.4.11rc1, and 6.0.1rc1 are unaffected.
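The version ranges above can be turned into an inventory check. The following is an added example, not code from the advisory or from Zabbix: the function names and the sample inventory are hypothetical, and it assumes you have already collected each frontend's version string. Pre-release builds of an affected patch level (for example a release candidate of 5.0.20) are treated as affected, which is a conservative assumption the advisory does not state.

```python
import re

# Affected patch levels per branch, copied from the advisory text above:
# 5.0.0-5.0.20, 5.4.0-5.4.10, and 6.0 (treated as 6.0.0).
AFFECTED = {
    (5, 0): (0, 20),
    (5, 4): (0, 10),
    (6, 0): (0, 0),
}

# major.minor[.patch][suffix], e.g. "5.0.21rc1" or "6.0"
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?([A-Za-z][\w.-]*)?\s*$")


def parse_version(text):
    """Return (major, minor, patch, suffix), or None if text is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch or 0), suffix or ""


def classify(text):
    """Return 'affected', 'not-listed' or 'unparsed' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"  # needs a manual look; do not assume it is safe
    major, minor, patch, _suffix = parsed  # suffix ignored (conservative assumption)
    bounds = AFFECTED.get((major, minor))
    if bounds and bounds[0] <= patch <= bounds[1]:
        return "affected"
    return "not-listed"


def triage(inventory):
    """Map each host name to its verdict."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "mon-a": "5.0.20",
    "mon-b": "5.0.21rc1",
    "mon-c": "6.0",
    "mon-d": "not reported",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {verdict}")
```

A "not-listed" result only means the version falls outside the ranges this advisory names; it says nothing about other issues.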
Exploitation Mechanism
To exploit this vulnerability, an attacker must be authenticated and must send a crafted link to the victim. The payload executes only if the victim's CSRF token value is known to the attacker.
Mitigation and Prevention
Immediate Steps to Take
To address this vulnerability, promptly apply the updates provided by the vendor, Zabbix.
Long-Term Security Practices
Regularly update the Zabbix Frontend to the latest secure versions to mitigate the risk of such vulnerabilities in the future.
Patching and Updates
Stay informed about security patches released by Zabbix and apply them as soon as they are available to ensure a secure environment.