← Back

CVE-2022-23134

nvd nistnuclei
Published: Jan 13, 2022Modified: Oct 30, 2025CISA KEV

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

Affected (12)

Zabbix
1 product
Zabbix
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Zabbix
Zabbix
From 5.4.0 to 5.4.8
Zabbix
Version 6.0.0 alpha1
Zabbix
Version 6.0.0 alpha2
Zabbix
Version 6.0.0 alpha3
Zabbix
Version 6.0.0 alpha4
Zabbix
Version 6.0.0 alpha5
Zabbix
Version 6.0.0 alpha6
Zabbix
Version 6.0.0 alpha7
Zabbix
Version 6.0.0 beta1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 34
Fedora
Version 35
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (9)

Source: security@zabbix.com
Mailing ListThird Party Advisory
Source: security@zabbix.com
Release Notes
Source: security@zabbix.com
Release Notes
Source: security@zabbix.com
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.