First published: Wed Sep 14 2022
An unauthenticated attacker can craft a link that reflects JavaScript code through the backurl parameter of Zabbix Frontend and send it to an authenticated user. When the victim opens the link, the script executes in that user's browser session and can create a new account with an attacker-chosen login, password and role.
Credit: security@zabbix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zabbix Zabbix | >=6.0.0<=6.0.6 | |
Zabbix Zabbix | =6.2.0 | |
Fedoraproject Fedora | =37 | |
To remediate this vulnerability, upgrade to a Zabbix release outside the affected ranges listed above (6.0.7 or later on the 6.0 branch, 6.2.1 or later on the 6.2 branch), or install your distribution's updated package.
CVE-2022-40626 is a reflected cross-site scripting (XSS) vulnerability in Zabbix Frontend: JavaScript supplied in the backurl parameter is reflected back to the browser without adequate validation.
An unauthenticated attacker can craft such a link and send it to an authenticated user; the victim only has to open it for the script to run in their session, where it can create a fake account with an attacker-chosen login, password and role.
Zabbix 6.0.0 through 6.0.6, Zabbix 6.2.0 and the Zabbix package shipped with Fedora 37 are affected by CVE-2022-40626.
CVE-2022-40626 has a CVSS base score of 6.1, which is rated medium.
To fix CVE-2022-40626, update to a Zabbix release that is outside the affected ranges (6.0.7 or later, or 6.2.1 or later) or to your distribution's patched package.
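To show the kind of check a frontend needs on a return-URL parameter such as backurl, here is an added example. It is not Zabbix's own code and not its actual fix (that fix is in the releases named above); it is a generic same-site validator that rejects the forms a reflected value can take to reach a script or a foreign origin, plus a scanner that applies the same rule to web-server access logs so exploitation attempts can be spotted after the fact. The allow-listed entry-point names and the log lines are constructed for the example.

```python
"""
Added example (not Zabbix project code): a same-site "backurl" validator of the
kind a frontend should apply before reflecting or redirecting to a user-supplied
return URL, plus a scanner that flags access-log requests whose backurl fails it.
All names and sample data are hypothetical.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allow-list of legitimate return targets for the example; a real
# frontend would derive this from its own routing table.
ALLOWED_PATH_PREFIXES = ("zabbix.php", "index.php")

# Control characters, whitespace, quotes, angle brackets and backslashes have no
# place in a return path (backslashes are normalised to '/' by some browsers).
_FORBIDDEN_CHARS = re.compile(r"[\x00-\x20<>\"'\\]")


def is_safe_backurl(value: str) -> bool:
    """Accept only a relative, same-site path such as 'zabbix.php?action=dashboard.view'.

    Rejects absolute URLs (any scheme, including javascript: and data:),
    scheme-relative '//host' forms, percent-encoded schemes, and values that
    would climb out of the frontend directory.
    """
    if not value or len(value) > 2048:
        return False
    # Decode repeatedly so '%6Aavascript:' or '%252F%252Fevil' cannot slip past.
    decoded = value
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if _FORBIDDEN_CHARS.search(decoded):
        return False
    # A leading '/' can become scheme-relative ('//evil'); a leading '.' can
    # traverse upwards. Require a bare entry-point name instead.
    if decoded.startswith(("/", ".")):
        return False
    parts = urlsplit(decoded)
    # Any scheme or host means this is not a same-site relative path.
    if parts.scheme or parts.netloc:
        return False
    # A colon before the first '/', '?' or '#' is still a scheme for some
    # browsers even when urlsplit does not report one (e.g. 'evil.example:80/').
    head = re.split(r"[/?#]", decoded, maxsplit=1)[0]
    if ":" in head:
        return False
    return decoded.startswith(ALLOWED_PATH_PREFIXES)


# Constructed access-log lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Sep/2022:10:01:02 +0000] "GET /zabbix/zabbix.php?action=dashboard.view&backurl=zabbix.php%3Faction%3Dhost.view HTTP/1.1" 200 5123
203.0.113.9 - - [14/Sep/2022:10:02:11 +0000] "GET /zabbix/zabbix.php?action=user.edit&backurl=javascript:alert(document.cookie) HTTP/1.1" 200 4410
203.0.113.9 - - [14/Sep/2022:10:02:40 +0000] "GET /zabbix/zabbix.php?action=user.edit&backurl=%6Aavascript%3Aalert%281%29 HTTP/1.1" 200 4410
198.51.100.4 - - [14/Sep/2022:10:03:00 +0000] "GET /zabbix/zabbix.php?action=dashboard.view HTTP/1.1" 200 5123
198.51.100.5 - - [14/Sep/2022:10:04:00 +0000] "GET /zabbix/zabbix.php?action=user.edit&backurl=//evil.example/ HTTP/1.1" 302 0
"""

_REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) '
)


def find_suspicious_backurls(log_text: str):
    """Return (client ip, decoded backurl) for each request whose backurl fails validation."""
    hits = []
    for line in log_text.splitlines():
        m = _REQUEST_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs percent-decodes once; the validator decodes again for nested encoding.
        for raw in parse_qs(query, keep_blank_values=True).get("backurl", []):
            if not is_safe_backurl(raw):
                hits.append((m.group("ip"), raw))
    return hits


if __name__ == "__main__":
    for ip, backurl in find_suspicious_backurls(SAMPLE_LOG):
        print(f"suspicious backurl from {ip}: {backurl!r}")
```

The validator is deliberately strict: rather than trying to enumerate dangerous schemes it rejects anything that is not a bare entry-point path, which is the only shape a legitimate return target ever has. The scanner reuses the same predicate, so detection and prevention cannot drift apart.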