add CVE-2019-17382 in the security-testbeds environment#119
add CVE-2019-17382 in the security-testbeds environment#119hh-hunter wants to merge 3 commits intogoogle:mainfrom
Conversation
|
Hi, this is the environment for cve-2019-17382 ,relevant google/tsunami-security-scanner-plugins#83 |
|
Hi @hh-hunter Thanks for your contribution! After reviewing the I wasn't able to reproduce the issue following your instructions, as the authentication check appears to be in place. Here's what I got when I started user@machine:~$ curl -s -H "Accept: text/html" "http://localhost:8080/zabbix.php?action=dashboard.view&dashboardid=1"
<!DOCTYPE html> <html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Edge"/>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="Author" content="Zabbix SIA" />
<title>Warning [refreshed every 30 sec.]</title>
<link rel="icon" href="favicon.ico">
<link rel="apple-touch-icon-precomposed" sizes="76x76" href="assets/img/apple-touch-icon-76x76-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="120x120" href="assets/img/apple-touch-icon-120x120-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="assets/img/apple-touch-icon-152x152-precomposed.png">
<link rel="apple-touch-icon-precomposed" sizes="180x180" href="assets/img/apple-touch-icon-180x180-precomposed.png">
<link rel="icon" sizes="192x192" href="assets/img/touch-icon-192x192.png">
<meta name="csrf-token" content=""/> <meta name="msapplication-TileImage" content="assets/img/ms-tile-144x144.png"> <meta name="msapplication-TileColor" content="#d40000"> <meta name="msapplication-config" content="none"/>
<link rel="stylesheet" type="text/css" href="assets/styles/blue-theme.css?1596158076" />
</head>
<body lang="en"><main><output class="msg-bad msg-global">You are not logged in<div class="msg-details"><ul class="msg-details-border"><li>You must login to view this page.</li><li>If you think this message is wrong, please consult your administrators about getting the necessary permissions.</li></ul></div><div class="msg-buttons"><button type="button" id="login" name="login" onclick="javascript: document.location = "index.php?request=zabbix.php%3Faction%3Ddashboard.view%26dashboardid%3D1";">Login</button></div></output></main><script type="text/javascript">
setTimeout('document.location.reload();', 30000);
</script></body></html>As you can see, the page returns a "You are not logged in" message, which suggests that the authentication check is in place. Please provide
Thanks again |
3 participants
CVE-2019-17382
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
Docker-compose
You can deploy the vulnerable version of Zabbix by running in docker-compose:
It takes several minutes to wait for the service to be accessed normally, and the exposed web service port is [23820].
Kubernetes
Or you can deploy the vulnerable version of Zabbix by running in Kubernetes:
The Kubernetes deployment will create a service named
zabbix-cve-2019-17382listening on port23820.