From 76d74463814edbd157789d1c22058e976c492859 Mon Sep 17 00:00:00 2001
From: hh-hunter <91593280+hh-hunter@users.noreply.github.com>
Date: Fri, 7 Feb 2025 14:12:22 +0800
Subject: [PATCH 1/3] add CVE-2019-17382 in the security-testbeds environment
---
 zabbix/cve-2019-17382/README.md | 0
 zabbix/cve-2019-17382/docker-compose.yml | 42 +++++++++++++++++++
 .../cve-2019-17382/zabbix-cve-2019-17382.yml | 0
 3 files changed, 42 insertions(+)
 create mode 100644 zabbix/cve-2019-17382/README.md
 create mode 100644 zabbix/cve-2019-17382/docker-compose.yml
 create mode 100644 zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml
diff --git a/zabbix/cve-2019-17382/README.md b/zabbix/cve-2019-17382/README.md
new file mode 100644
index 00000000..e69de29b
diff --git a/zabbix/cve-2019-17382/docker-compose.yml b/zabbix/cve-2019-17382/docker-compose.yml
new file mode 100644
index 00000000..80502289
--- /dev/null
+++ b/zabbix/cve-2019-17382/docker-compose.yml
@@ -0,0 +1,42 @@
+version: '3.5'
+services:
+ zabbix-server:
+ image: docker.m.daocloud.io/zabbix/zabbix-server-mysql:alpine-4.4-latest
+ container_name: zabbix-server
+ environment:
+ DB_SERVER_HOST: mysql-server
+ MYSQL_DATABASE: zabbix
+ MYSQL_USER: zabbix
+ MYSQL_PASSWORD: zabbix_password
+ ports:
+ - "10051:10051"
+ depends_on:
+ - mysql-server
+
+ zabbix-web:
+ image: docker.m.daocloud.io/zabbix/zabbix-web-nginx-mysql:alpine-4.4-latest
+ container_name: zabbix-web
+ environment:
+ DB_SERVER_HOST: mysql-server
+ MYSQL_DATABASE: zabbix
+ MYSQL_USER: zabbix
+ MYSQL_PASSWORD: zabbix_password
+ ZBX_SERVER_HOST: zabbix-server
+ ports:
+ - "8080:8080"
+ depends_on:
+ - zabbix-server
+
+ mysql-server:
+ image: docker.m.daocloud.io/mysql:5.7
+ container_name: mysql-server
+ environment:
+ MYSQL_DATABASE: zabbix
+ MYSQL_USER: zabbix
+ MYSQL_PASSWORD: zabbix_password
+ MYSQL_ROOT_PASSWORD: root_password
+ volumes:
+ - mysql-data:/var/lib/mysql
+
+volumes:
+ mysql-data:
\ No newline at end of file
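Review bot: The two Zabbix images are pulled through `docker.m.daocloud.io` with the floating tag `alpine-4.4-latest`, while the Kubernetes manifest in patch 3/3 uses `zabbix/zabbix-server-mysql:alpine-4.4.0` from the default registry, so the two deployments of this testbed may not run the same build and the compose one depends on a third-party mirror. Pinning the same release in both, for example `image: zabbix/zabbix-web-nginx-mysql:alpine-4.4.0` (ideally with a digest as well), keeps the vulnerable version reproducible. The web mapping `"8080:8080"` also disagrees with the manifest's `containerPort: 80` and with the README's port 23820, so it is worth confirming which port the 4.4 web image actually listens on. Because the stack is intentionally vulnerable and uses fixed credentials, publishing on loopback only, `- "127.0.0.1:8080:8080"` and likewise for 10051, would keep it off the host's other interfaces unless the scanner has to run from another machine.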
diff --git a/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml b/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml
new file mode 100644
index 00000000..e69de29b
From 49884246cf9b3f8dbaed787a01edd01d40cb42cf Mon Sep 17 00:00:00 2001
From: hh-hunter <91593280+hh-hunter@users.noreply.github.com>
Date: Sat, 8 Feb 2025 10:37:29 +0800
Subject: [PATCH 2/3] Update README.md
---
 zabbix/cve-2019-17382/README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/zabbix/cve-2019-17382/README.md b/zabbix/cve-2019-17382/README.md
index e69de29b..553e3e8c 100644
--- a/zabbix/cve-2019-17382/README.md
+++ b/zabbix/cve-2019-17382/README.md
@@ -0,0 +1,16 @@
+# CVE-2019-17382
+An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
+
+## Docker-compose
+You can deploy the vulnerable version of Zabbix by running in docker-compose:
+```sh
+docker-compose -f docker-compose.yml up
+```
+It takes several minutes to wait for the service to be accessed normally, and the exposed web service port is [23820].
+
+## Kubernetes
+Or you can deploy the vulnerable version of Zabbix by running in Kubernetes:
+```sh
+kubectl apply -f zabbix-cve-2019-17382.yaml
+```
+The Kubernetes deployment will create a service named `zabbix-cve-2019-17382` listening on port `23820`.
From 74a1e0a71aa08885a983890c2c5c2d41db521524 Mon Sep 17 00:00:00 2001
From: hh-hunter <91593280+hh-hunter@users.noreply.github.com>
Date: Sat, 8 Feb 2025 10:43:43 +0800
Subject: [PATCH 3/3] Update zabbix-cve-2019-17382.yml
---
 .../cve-2019-17382/zabbix-cve-2019-17382.yml | 153 ++++++++++++++++++
 1 file changed, 153 insertions(+)
diff --git a/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml b/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml
index e69de29b..5166010f 100644
--- a/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml
+++ b/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml
@@ -0,0 +1,153 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: zabbix
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql-server
+ namespace: zabbix
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: mysql-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mysql-server
+ namespace: zabbix
+spec:
+ selector:
+ matchLabels:
+ app: mysql-server
+ template:
+ metadata:
+ labels:
+ app: mysql-server
+ spec:
+ containers:
+ - name: mysql-server
+ image: mysql:5.7
+ env:
+ - name: MYSQL_DATABASE
+ value: "zabbix"
+ - name: MYSQL_USER
+ value: "zabbix"
+ - name: MYSQL_PASSWORD
+ value: "zabbix_password"
+ - name: MYSQL_ROOT_PASSWORD
+ value: "root_password"
+ volumeMounts:
+ - name: mysql-storage
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mysql-storage
+ persistentVolumeClaim:
+ claimName: mysql-pvc
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pvc
+ namespace: zabbix
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: zabbix-server
+ namespace: zabbix
+spec:
+ ports:
+ - port: 10051
+ selector:
+ app: zabbix-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: zabbix-server
+ namespace: zabbix
+spec:
+ selector:
+ matchLabels:
+ app: zabbix-server
+ template:
+ metadata:
+ labels:
+ app: zabbix-server
+ spec:
+ containers:
+ - name: zabbix-server
+ image: zabbix/zabbix-server-mysql:alpine-4.4.0
+ env:
+ - name: DB_SERVER_HOST
+ value: "mysql-server"
+ - name: MYSQL_DATABASE
+ value: "zabbix"
+ - name: MYSQL_USER
+ value: "zabbix"
+ - name: MYSQL_PASSWORD
+ value: "zabbix_password"
+ ports:
+ - containerPort: 10051
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: zabbix-web
+ namespace: zabbix
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ nodePort: 23820
+ selector:
+ app: zabbix-web
+ type: NodePort
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: zabbix-web
+ namespace: zabbix
+spec:
+ selector:
+ matchLabels:
+ app: zabbix-web
+ template:
+ metadata:
+ labels:
+ app: zabbix-web
+ spec:
+ containers:
+ - name: zabbix-web
+ image: zabbix/zabbix-web-nginx-mysql:alpine-4.4.0
+ env:
+ - name: DB_SERVER_HOST
+ value: "mysql-server"
+ - name: MYSQL_DATABASE
+ value: "zabbix"
+ - name: MYSQL_USER
+ value: "zabbix"
+ - name: MYSQL_PASSWORD
+ value: "zabbix_password"
+ - name: ZBX_SERVER_HOST
+ value: "zabbix-server"
+ ports:
+ - containerPort: 80
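Review bot: `nodePort: 23820` in the `zabbix-web` Service is outside the default NodePort range (30000-32767), so on a cluster that has not widened `--service-node-port-range` the apply is expected to be rejected for that Service. The README added in patch 2/3 also describes a service named `zabbix-cve-2019-17382` and a file ending in `.yaml`, whereas this manifest creates `zabbix-web` in namespace `zabbix` and is committed as `.yml`. If the intent is only that the UI answers on 23820, `port: 23820` with `targetPort: 80` and no `nodePort` would do that without opening the vulnerable UI on every node. A short header comment stating that the fixed `MYSQL_*` passwords are lab-only and that the namespace should not be reachable from untrusted networks would help anyone reusing the file.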