{"id":1715,"date":"2022-02-25T15:32:20","date_gmt":"2022-02-25T07:32:20","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1715"},"modified":"2022-02-25T15:32:21","modified_gmt":"2022-02-25T07:32:21","slug":"%e7%be%8e%e5%9c%8bcisa-%e5%b0%b1-zabbix%e7%9b%a3%e6%8e%a7%e5%b9%b3%e5%8f%b0%e4%b8%ad%e5%85%a9%e5%80%8b%e8%a2%ab%e7%a9%8d%e6%a5%b5%e5%88%a9%e7%94%a8%e7%9a%84%e6%bc%8f%e6%b4%9e%e7%99%bc%e5%87%ba","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1715","title":{"rendered":"\u7f8e\u570bCISA \u5c31 Zabbix\u76e3\u63a7\u5e73\u53f0\u4e2d\u5169\u500b\u88ab\u7a4d\u6975\u5229\u7528\u7684\u6f0f\u6d1e\u767c\u51fa\u8b66\u5831\uff0c\u4e26\u5c07\u5b83\u5011\u52a0\u5165\u5230\u300c\u5df2\u77e5\u88ab\u958b\u63a1\u6f0f\u6d1e\u300d\u6e05\u55ae"},"content":{"rendered":"\n<p>#CVE-2022-23131\u00a0<\/p>\n\n\n\n<p>#CVE-2022-23134<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"865\" height=\"452\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-20.png\" alt=\"\" class=\"wp-image-1717\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-20.png 865w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-20-300x157.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-20-768x401.png 768w\" sizes=\"auto, (max-width: 865px) 100vw, 865px\" \/><\/figure>\n\n\n\n<p>\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u67b6\u69cb\u7ba1\u7406\u7f72 (CISA) \u5728\u5176<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">\u5df2\u77e5\u88ab\u958b\u63a1\u6f0f\u6d1e\u6e05\u55ae<\/a>(Known Exploited Vulnerabilities Catalog)\u6dfb\u52a0\u4e86\u5169\u500b\u5f71\u97ff Zabbix \u76e3\u63a7\u5de5\u5177\u57fa\u790e\u8a2d\u65bd\u7684\u65b0\u6f0f\u6d1e\uff0c\u6700\u91cd\u8981\u7684\u662f\uff0c\u6839\u64da\u5177\u6709\u7d04\u675f\u6027\u4f5c\u696d<a href=\"https:\/\/cyber.dhs.gov\/bod\/22-01\/\">\u6307\u5f15<\/a>:\u964d\u4f4e\u5df2\u77e5\u88ab\u958b\u63a1\u6f0f\u6d1e\u7684\u91cd\u5927\u98a8\u96aa\u4e2d(Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities)\uff0cCISA \u547d\u4ee4\u806f\u90a6\u6c11\u4e8b\u57f7\u884c\u6a5f\u69cb (Federal Civilian Executive Branch)\u5728 2022 \u5e74 3 \u6708 8 \u65e5\u4e4b\u524d\u5c0d\u6240\u6709\u7cfb\u7d71\u9032\u884c\u6f0f\u6d1e\u4fee\u88dc\uff0c\u4ee5\u6e1b\u5c11\u5176\u906d\u53d7\u6f5b\u5728\u7db2\u8def\u653b\u64ca\u7684\u98a8\u96aa\u3002<\/p>\n\n\n\n<p>\u6f0f\u6d1e\u7de8\u865f<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23131\">CVE-2022-23131<\/a>\uff08CVSS \u8a55\u5206\uff1a9.8\uff09\u548c <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-23134\">CVE-2022-23134<\/a>\uff08CVSS \u8a55\u5206\uff1a5.3\uff09\u9019\u4e9b\u6f0f\u6d1e\u53ef\u80fd\u5c0e\u81f4\u6574\u500b\u7db2\u8def\u53d7\u5230\u5a01\u8105\uff0c\u4f7f\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u60e1\u610f\u653b\u64ca\u8005\u80fd\u5920\u63d0\u5347\u6b0a\u9650\u4e26\u7372\u5f97Zabbix \u524d\u7aef\u7ba1\u7406\u54e1\u5b58\u53d6\u6b0a\u9650\u4ee5\u53ca\u9032\u884c\u914d\u7f6e\u66f4\u6539\u3002\u9019\u5169\u500b\u6f0f\u6d1e\u7531\u8cc7\u5b89\u696d\u8005SonarSource \u7684\u7814\u7a76\u54e1 Thomas Chauchefoin\u767c\u73fe\uff0c\u9019\u5169\u500b\u6f0f\u6d1e\u5747\u5f71\u97ff Zabbix Web \u524d\u7aef\u7248\u672c\uff0c\u5305\u62ec 5.4.8\u30015.0.18 \u548c 4.0.36\uff0c\u6b64\u5f8c\uff0c\u96a8\u8457\u7248\u672c 5.4.9\u30015.0.9 \u548c 4.0.37 \u7684\u767c\u5e03\uff0c\u9019\u4e9b\u554f\u984c\u5df2\u5f97\u5230\u89e3\u6c7a\u3002<\/p>\n\n\n\n<p>\u9019\u5169\u500b\u6f0f\u6d1e\u90fd\u662f\u201c\u4e0d\u5b89\u5168\u6703\u8a71\u5b58\u5132\u201d\u7684\u7d50\u679c\uff0c\u5141\u8a31\u653b\u64ca\u8005\u7e5e\u904e\u8eab\u4efd\u9a57\u8b49\u4e26\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\u3002\u7136\u800c\uff0c\u503c\u5f97\u6307\u51fa\u7684\u662f\uff0c\u9019\u4e9b\u6f0f\u6d1e\u50c5\u5f71\u97ff\u555f\u7528\u5b89\u5168\u5ba3\u544a\u6a19\u8a18\u8a9e\u8a00(SAML) \u4e2d\u55ae\u4e00\u767b\u5165(SSO) \u7684\u8eab\u4efd\u9a57\u8b49\u5be6\u4f8b\uff0c\u4f46\u5c08\u5bb6\u8a8d\u70ba\u4f01\u696d\u6216\u7d44\u7e54\u6709\u5fc5\u8981\u5be9\u67e5\u300c\u5df2\u77e5\u88ab\u958b\u63a1\u6f0f\u6d1e\u300d\u6e05\u55ae\u4e26\u89e3\u6c7a\u5176\u57fa\u790e\u8a2d\u65bd\u4e2d\u7684\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u662fTHOMAS CHAUCHEFOIN\u767c\u73fe\u9019\u5169\u500b\u6f0f\u6d1e\u7684<a href=\"https:\/\/blog.sonarsource.com\/zabbix-case-study-of-unsafe-session-storage\">timeline<\/a>\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"865\" height=\"467\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-21.png\" alt=\"\" class=\"wp-image-1718\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-21.png 865w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-21-300x162.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/02\/image-21-768x415.png 768w\" sizes=\"auto, (max-width: 865px) 100vw, 865px\" \/><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>#CVE-2022-23131\u00a0 #CVE-2022-23134 \u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u67b6\u69cb\u7ba1\u7406\u7f72 (CISA)  <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=1715\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[191,174],"class_list":["post-1715","post","type-post","status-publish","format-standard","hentry","category-6","tag-cisa","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1715"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1715\/revisions"}],"predecessor-version":[{"id":1719,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1715\/revisions\/1719"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}