Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-pyz2-fufh-c7gc
SummaryIn the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Aliases
0
alias CVE-2022-23131
Fixed_packages
0
url pkg:deb/debian/zabbix@0?distro=trixie
purl pkg:deb/debian/zabbix@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@0%3Fdistro=trixie
1
url pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:5.0.8%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5nmy-hdh8-xbg1
1
vulnerability VCID-cdyd-79m9-pyhv
2
vulnerability VCID-dej6-dxbp-a3bt
3
vulnerability VCID-fxqr-51kp-3ber
4
vulnerability VCID-qzp5-px2f-vqc8
5
vulnerability VCID-qzzk-mcfu-sfhv
6
vulnerability VCID-r8yr-aet5-yydn
7
vulnerability VCID-s1mb-1gsj-pbed
8
vulnerability VCID-uh37-bv9z-1bdz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:5.0.8%252Bdfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-172p-q6d5-9ya3
1
vulnerability VCID-1xr6-n296-cyfd
2
vulnerability VCID-3g1d-2tvh-akh4
3
vulnerability VCID-3qru-uxsd-e3c8
4
vulnerability VCID-464s-8ex9-kqdz
5
vulnerability VCID-4s92-5es4-yka5
6
vulnerability VCID-4uxg-fxv7-rua8
7
vulnerability VCID-547a-p94b-6fep
8
vulnerability VCID-5nmy-hdh8-xbg1
9
vulnerability VCID-5s7j-6aea-qucr
10
vulnerability VCID-5t3e-bfve-d3he
11
vulnerability VCID-673b-qsd3-e3hz
12
vulnerability VCID-6u3x-x7qt-g3fa
13
vulnerability VCID-76qf-8jm4-8kct
14
vulnerability VCID-7bzf-3c9x-8qc4
15
vulnerability VCID-7f3g-hebk-3qad
16
vulnerability VCID-7yp1-231f-a3eq
17
vulnerability VCID-9jfn-6nvg-a3b6
18
vulnerability VCID-9z8h-gg7t-b7f8
19
vulnerability VCID-aetr-jrab-6fg5
20
vulnerability VCID-b8tm-2187-wkhz
21
vulnerability VCID-batr-txtv-s3cf
22
vulnerability VCID-cdyd-79m9-pyhv
23
vulnerability VCID-cuqx-wxkd-nffa
24
vulnerability VCID-d7uk-h423-77f5
25
vulnerability VCID-dej6-dxbp-a3bt
26
vulnerability VCID-ftt2-5jnt-9ye2
27
vulnerability VCID-fxqr-51kp-3ber
28
vulnerability VCID-gp3f-yz9h-eqax
29
vulnerability VCID-gyqk-zsww-ykdj
30
vulnerability VCID-kx3g-p2zj-duaj
31
vulnerability VCID-mhx5-hcg2-wfc4
32
vulnerability VCID-n5md-76wa-dbaa
33
vulnerability VCID-nrkb-pzcu-8ueg
34
vulnerability VCID-nyhx-57xy-wugc
35
vulnerability VCID-psak-h1x6-1kca
36
vulnerability VCID-qzp5-px2f-vqc8
37
vulnerability VCID-qzzk-mcfu-sfhv
38
vulnerability VCID-r65p-6wkq-sfb9
39
vulnerability VCID-r8yr-aet5-yydn
40
vulnerability VCID-ry8x-mjbp-qqct
41
vulnerability VCID-s1mb-1gsj-pbed
42
vulnerability VCID-sudd-unuw-wqa9
43
vulnerability VCID-uh37-bv9z-1bdz
44
vulnerability VCID-uxdf-6tyd-rucd
45
vulnerability VCID-vkfp-asar-7bhw
46
vulnerability VCID-wczj-cv1m-7qce
47
vulnerability VCID-zc7p-7yts-5yae
48
vulnerability VCID-zrfp-skzu-cbet
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/zabbix@1:7.0.22%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.22%252Bdfsg-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23131
reference_id
reference_type
scores
0
value 0.94045
scoring_system epss
scoring_elements 0.99901
published_at 2026-04-18T12:55:00Z
1
value 0.94045
scoring_system epss
scoring_elements 0.999
published_at 2026-04-16T12:55:00Z
2
value 0.94252
scoring_system epss
scoring_elements 0.99931
published_at 2026-04-02T12:55:00Z
3
value 0.94252
scoring_system epss
scoring_elements 0.99932
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23131
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://support.zabbix.com/browse/ZBX-20350
reference_id ZBX-20350
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:20:59Z/
url https://support.zabbix.com/browse/ZBX-20350
Weaknesses
0
cwe_id 290
name Authentication Bypass by Spoofing
description This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Exploits
0
date_added 2022-02-22
description Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.
required_action Apply updates per vendor instructions.
due_date 2022-03-08
notes https://nvd.nist.gov/vuln/detail/CVE-2022-23131
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
Severity_range_score9.1 - 9.1
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-pyz2-fufh-c7gc