Zabbix updates fix dangerous flaws
Zabbix developers have released security updates to address two dangerous security vulnerabilities (CVE-2022-23131, CVE-2022-23134) exploited in the wild. The most critical issue (CVE-2022-23131) stems from unsafe client-side session storage; exploitation of this vulnerability could lead to authentication bypass or system takeover. The second issue (CVE-2022-23134) could allow unauthenticated users to view the setup pages. These security issues are fixed in Zabbix version 5.4.9 and the stable release of Zabbix 6.0 LTS. More information on the vulnerabilities and updates is available in the Zabbix security advisories – zabbix.com.
Source: blog.zabbix.com
28 February 2022