ATTACK [PTsecurity] Zabbix v5.4.x SSO/SALM Auth Bypass RCE (CVE-2022-23131)

SID: 10007101Rev: 434 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Zabbix v5.4.x SSO/SALM Auth Bypass RCE (CVE-2022-23131)"; flow:established, to_server; content:"/index_sso.php"; http_uri; content:"zbx_session="; http_cookie; base64_decode:relative; base64_data; content:"saml_data"; content:"username_attribute"; distance:0; pcre:"/^\{(?:(?!.*sessionid)|(?!.*sign)|(?!.*session_index)).+$/"; reference:url, blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage; reference:cve, 2022-23131; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10007101; rev:4;)

References

urlblog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
cve2022-23131
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!