CVE-2022-23132

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23132
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23132.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23132
Published
2022-01-13T16:15:08Z
Modified
2024-06-13T07:37:41.384508Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
[none]
Details

During Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is used to access PID files in the [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permission checks at the file system level.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected versions

5.*

5.0.0
5.0.1
5.0.10
5.0.10rc1
5.0.11
5.0.11rc1
5.0.12
5.0.12rc1
5.0.13
5.0.13rc1
5.0.14
5.0.14rc1
5.0.15
5.0.15rc1
5.0.16
5.0.16rc1
5.0.16rc2
5.0.17
5.0.17rc1
5.0.18
5.0.18rc1
5.0.1rc1
5.0.2
5.0.2rc1
5.0.3
5.0.3.rc2
5.0.3rc1
5.0.3rc2
5.0.4
5.0.4rc1
5.0.5
5.0.5rc1
5.0.6
5.0.6rc1
5.0.7
5.0.7rc1
5.0.8
5.0.8rc1
5.0.9
5.0.9rc1
5.0.9rc2

6.*

6.0.0alpha1
6.0.0alpha2
6.0.0alpha3