google · hh-hunter · Feb 7, 2025 · Feb 8, 2025 · Feb 8, 2025
diff --git a/zabbix/cve-2019-17382/README.md b/zabbix/cve-2019-17382/README.md
@@ -0,0 +1,16 @@
+# CVE-2019-17382
+An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
+
+## Docker-compose
+You can deploy the vulnerable version of Zabbix by running in docker-compose:
+```sh
+docker-compose -f docker-compose.yml up
+```
+It takes several minutes to wait for the service to be accessed normally, and the exposed web service port is [23820].
+
+## Kubernetes
+Or you can deploy the vulnerable version of Zabbix by running in Kubernetes:
+```sh
+kubectl apply -f zabbix-cve-2019-17382.yaml
+```
+The Kubernetes deployment will create a service named `zabbix-cve-2019-17382` listening on port `23820`.
diff --git a/zabbix/cve-2019-17382/docker-compose.yml b/zabbix/cve-2019-17382/docker-compose.yml
@@ -0,0 +1,42 @@
+version: '3.5'
+services:
+  zabbix-server:
+    image: docker.m.daocloud.io/zabbix/zabbix-server-mysql:alpine-4.4-latest
+    container_name: zabbix-server
+    environment:
+      DB_SERVER_HOST: mysql-server
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+    ports:
+      - "10051:10051"
+    depends_on:
+      - mysql-server
+
+  zabbix-web:
+    image: docker.m.daocloud.io/zabbix/zabbix-web-nginx-mysql:alpine-4.4-latest
+    container_name: zabbix-web
+    environment:
+      DB_SERVER_HOST: mysql-server
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      ZBX_SERVER_HOST: zabbix-server
+    ports:
+      - "8080:8080"
+    depends_on:
+      - zabbix-server
+
+  mysql-server:
+    image: docker.m.daocloud.io/mysql:5.7
+    container_name: mysql-server
+    environment:
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      MYSQL_ROOT_PASSWORD: root_password
+    volumes:
+      - mysql-data:/var/lib/mysql
+
+volumes:
+  mysql-data:
diff --git a/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml b/zabbix/cve-2019-17382/zabbix-cve-2019-17382.yml
@@ -0,0 +1,153 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: zabbix
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql-server
+  namespace: zabbix
+spec:
+  ports:
+    - port: 3306
+  selector:
+    app: mysql-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql-server
+  namespace: zabbix
+spec:
+  selector:
+    matchLabels:
+      app: mysql-server
+  template:
+    metadata:
+      labels:
+        app: mysql-server
+    spec:
+      containers:
+        - name: mysql-server
+          image: mysql:5.7
+          env:
+            - name: MYSQL_DATABASE
+              value: "zabbix"
+            - name: MYSQL_USER
+              value: "zabbix"
+            - name: MYSQL_PASSWORD
+              value: "zabbix_password"
+            - name: MYSQL_ROOT_PASSWORD
+              value: "root_password"
+          volumeMounts:
+            - name: mysql-storage
+              mountPath: /var/lib/mysql
+      volumes:
+        - name: mysql-storage
+          persistentVolumeClaim:
+            claimName: mysql-pvc
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pvc
+  namespace: zabbix
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: zabbix-server
+  namespace: zabbix
+spec:
+  ports:
+    - port: 10051
+  selector:
+    app: zabbix-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: zabbix-server
+  namespace: zabbix
+spec:
+  selector:
+    matchLabels:
+      app: zabbix-server
+  template:
+    metadata:
+      labels:
+        app: zabbix-server
+    spec:
+      containers:
+        - name: zabbix-server
+          image: zabbix/zabbix-server-mysql:alpine-4.4.0
+          env:
+            - name: DB_SERVER_HOST
+              value: "mysql-server"
+            - name: MYSQL_DATABASE
+              value: "zabbix"
+            - name: MYSQL_USER
+              value: "zabbix"
+            - name: MYSQL_PASSWORD
+              value: "zabbix_password"
+          ports:
+            - containerPort: 10051
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: zabbix-web
+  namespace: zabbix
+spec:
+  ports:
+    - port: 80
+      targetPort: 80
+      nodePort: 23820
+  selector:
+    app: zabbix-web
+  type: NodePort
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: zabbix-web
+  namespace: zabbix
+spec:
+  selector:
+    matchLabels:
+      app: zabbix-web
+  template:
+    metadata:
+      labels:
+        app: zabbix-web
+    spec:
+      containers:
+        - name: zabbix-web
+          image: zabbix/zabbix-web-nginx-mysql:alpine-4.4.0
+          env:
+            - name: DB_SERVER_HOST
+              value: "mysql-server"
+            - name: MYSQL_DATABASE
+              value: "zabbix"
+            - name: MYSQL_USER
+              value: "zabbix"
+            - name: MYSQL_PASSWORD
+              value: "zabbix_password"
+            - name: ZBX_SERVER_HOST
+              value: "zabbix-server"
+          ports:
+            - containerPort: 80