CVE-2023-32725

Summary

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix6.0.0 <= 6.0.21affected
ZabbixZabbix6.4.0 <= 6.4.6affected
ZabbixZabbix7.0.0alpha1 <= 7.0.0alpha3affected

Weaknesses

  • CWE-565: CWE-565 Reliance on Cookies without Validation and Integrity Checking

ADP Enrichment

CVE Program Container

Additional References

References