CVE-2022-23132

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23132

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23132.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23132

Related

Published

2022-01-13T16:15:08Z

Modified

2024-10-03T19:56:54.442323Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level

References

Affected packages

Debian:11 / zabbix

Package

Name: zabbix
Purl: pkg:deb/debian/zabbix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:5.0.44+dfsg-1+deb11u1

Affected versions

1:5.*

1:5.0.8+dfsg-1

1:5.0.14+dfsg-1~bpo11+1

1:5.0.14+dfsg-1

1:5.0.17+dfsg-1~bpo11+1

1:5.0.17+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / zabbix

Package

Name: zabbix
Purl: pkg:deb/debian/zabbix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.0.7+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / zabbix

Package

Name: zabbix
Purl: pkg:deb/debian/zabbix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.0.7+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/zabbix/zabbix

Affected ranges

Type: GIT
Repo: https://github.com/zabbix/zabbix
Events: Last affected

1ca342c90ed471c4547b9a4ea9dfcc147be3f3f0

Last affected

315ec0e63a834834015e7431cc685c6b3ad8c265

Last affected

6b9f1a434682b6102080217ff723cad209610a7d

Last affected

b07e17de0abf0006ddd56c2eb39d3dacda0ba2eb

Introduced

9665d62db0e4b40f8fadbcf830e06530a0cc6935

Last affected

c3f6aa65fefe15ec2d62fcd3364bbf04744ea248

Last affected

cf8d4a64d29b8fce8e40761533f8dd9438c786fd

Last affected

e58e4c62e52436a5b5385e7b58b5a7e9376cc67a

Last affected

f56fed83bc4778f6c8fdc6bedc956d6c2059c56b

Affected versions

5.*

5.0.0

5.0.1

5.0.10

5.0.10rc1

5.0.11

5.0.11rc1

5.0.12

5.0.12rc1

5.0.13

5.0.13rc1

5.0.14

5.0.14rc1

5.0.15

5.0.15rc1

5.0.16

5.0.16rc1

5.0.16rc2

5.0.17

5.0.17rc1

5.0.18

5.0.18rc1

5.0.1rc1

5.0.2

5.0.2rc1

5.0.3

5.0.3.rc2

5.0.3rc1

5.0.3rc2

5.0.4

5.0.4rc1

5.0.5

5.0.5rc1

5.0.6

5.0.6rc1

5.0.7

5.0.7rc1

5.0.8

5.0.8rc1

5.0.9

5.0.9rc1

5.0.9rc2

6.*

6.0.0alpha1

6.0.0alpha2

6.0.0alpha3