After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
27 Jun 2023, 19:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
10 Feb 2022, 07:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux Fedoraproject fedora Fedoraproject |
|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/ - Mailing List, Third Party Advisory |
08 Feb 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Jan 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2022, 20:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha7:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:beta1:*:*:*:*:*:* |
|
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
First Time |
Zabbix
Zabbix zabbix |
|
References | (MISC) https://support.zabbix.com/browse/ZBX-20384 - Issue Tracking, Patch, Vendor Advisory |
13 Jan 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-13 16:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-23134
Mitre link : CVE-2022-23134
CVE.ORG link : CVE-2022-23134
JSON object : View
Products Affected
zabbix
- zabbix
debian
- debian_linux
fedoraproject
- fedora