CVE-2022-23134

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23134
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23134.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23134
Related
Published
2022-01-13T16:15:08Z
Modified
2024-09-18T03:18:17.263976Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

References

Affected packages

Debian:12 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:6.0.7+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:6.0.7+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1ca342c90ed471c4547b9a4ea9dfcc147be3f3f0
Last affected
315ec0e63a834834015e7431cc685c6b3ad8c265
Last affected
6b9f1a434682b6102080217ff723cad209610a7d
Last affected
b07e17de0abf0006ddd56c2eb39d3dacda0ba2eb
Last affected
cf8d4a64d29b8fce8e40761533f8dd9438c786fd
Last affected
d3db14ccb5597f10b6353202ac3519cb2c42c556
Last affected
e58e4c62e52436a5b5385e7b58b5a7e9376cc67a
Last affected
f56fed83bc4778f6c8fdc6bedc956d6c2059c56b

Affected versions

5.*

5.0.0
5.0.0alpha1
5.0.0alpha2
5.0.0alpha3
5.0.0alpha4
5.0.0beta1
5.0.0beta2
5.0.0rc1

6.*

6.0.0alpha1
6.0.0alpha2
6.0.0alpha3