CSRF Vulnerability in Zabbix Monitoring Solution
CVE-2021-27927

8.8 HIGH

Key Information:

Vendor: Zabbix

Status
Vendor
CVE Published: 3 March 2021

What is CVE-2021-27927?

The Zabbix monitoring solution has a security flaw in its CControllerAuthenticationUpdate controller, which does not implement adequate CSRF protection. An attacker needs no credentials of their own to exploit it, but must know the correct Zabbix URL and must rely on a user who holds the necessary privileges; the CVSS vector accordingly lists privileges required as none and user interaction as required. Without proper CSRF safeguards, unauthorized parties may manipulate sensitive configuration or user data, potentially compromising the integrity of the Zabbix installation.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved