Security warning for Zabbix

Hello friends,

currently there seems to be a security problem with Zabbix.
But read for yourself:



Updating to the latest version should be enough to be safe.

From the article you shared:

We highly recommend upgrading your instances running a Zabbix Web Frontend to 6.0.0beta2, 5.4.9, 5.0.19 or 4.0.37 to protect your infrastructure.

We use Zabbix 5, the most recent version is 5.0.20-1.

1 Like
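
Added example, not part of any post in this thread and not Zabbix project code: a shell function that checks a version string such as the 5.0.20-1 mentioned above against the fixed releases quoted from the advisory. The function name, its return codes, the treatment of pre-release builds and the alpha < beta < rc ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example. Fixed releases are the ones quoted from the advisory above.
# Return codes are this script's own convention:
#   0 = at or above the fix, 1 = below the fix, 2 = branch not listed / unparsable
zabbix_fix_status() {
    ver=${1%%-*}                    # drop RPM release suffix: 5.0.20-1 -> 5.0.20
    case $ver in *.*.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; tail=${rest#*.}
    patch=${tail%%[!0-9]*}          # leading digits of the third field
    pre=${tail#"$patch"}            # pre-release tag, e.g. beta2 (empty for a final release)
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    fixpre=
    case $major.$minor in
        4.0) fix=37 ;;
        5.0) fix=19 ;;
        5.4) fix=9 ;;
        6.0) fix=0; fixpre=beta2 ;;
        *)   return 2 ;;            # branch not named in the quoted advisory text
    esac
    [ "$patch" -gt "$fix" ] && return 0
    [ "$patch" -lt "$fix" ] && return 1
    # Same patch number as the fix: decide on the pre-release tag.
    if [ -z "$fixpre" ]; then
        # Assumption: a pre-release build of the fixed version is not counted as fixed.
        [ -z "$pre" ] && return 0
        return 1
    fi
    # 6.0.0 branch. Assumed ordering: alphaN < betaN < rcN < final.
    case $pre in
        ''|rc[0-9]*) return 0 ;;
        alpha*)      return 1 ;;
        beta[0-9]*)  [ "${pre#beta}" -ge 2 ] && return 0; return 1 ;;
        *)           return 2 ;;
    esac
}

# Stand-alone use: sh thisfile.sh 5.0.20-1
if [ "$#" -gt 0 ]; then
    rc=0; zabbix_fix_status "$1" || rc=$?
    echo "version=$1 status=$rc"
fi
```

Status 2 means the branch is not one of the four named in the quote, so the result says nothing either way for that install.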

This is only of concern when using SAML SSO authentication…

If using AD authentication, this is not an issue, something I have pointed out already in the context of Single Sign On, e.g. LemonLDAP…

Then again, AD does not really provide SSO, it only provides a user / PW combination that can be used in several places with synched password changes. This is NOT the same as SSO, as in Zabbix with AD I still have to log in on the Web page, even if I am already logged in on the local Windows (or Linux) workstation.

SSO tends to have less security, as a briefly vacated workstation can be misused in a large context; due to the need to log in again with AD, this is less prone to misuse. (Or limits misuse to the workstation, not company applications or web pages…).

My 2 cents


Thanks @transocean for the heads-up.
The installation I use (not updated today) has this answer:

[root@zabbix ~]# rpm -qa *zabbix*
[root@zabbix ~]#

Zabbix 5.0.20 was released on 31 Jan 2022, so anyone who is using the application and has had it updated since (at least) 7 Feb 2022 should already have an updated version.
Anyway… due to the release of kernel 3.10.0-1160.59.1.el7, time for update AND reboot.


Zabbix 5.0.21 has been published today.

1 Like