Vulnerability Description
During Zabbix installation from RPM, the SELinux policy shipped with the packages grants the Zabbix domain the dac_override capability permission (the Linux CAP_DAC_OVERRIDE capability) so that the daemons can access PID files in the /var/run/zabbix directory. While that capability is available, Zabbix Proxy or Zabbix Server processes can bypass the discretionary read, write and execute permission checks at the file system level, and not only for the PID files. Only the DAC check is bypassed; SELinux type enforcement rules still apply to the processes.
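The checks a practitioner would run on an affected host, as an added example that is not part of the advisory or of Zabbix's own code: whether the loaded policy still grants dac_override to the Zabbix domain, whether a running daemon holds CAP_DAC_OVERRIDE in its effective set, whether writing the PID directory would succeed by DAC alone, and which audit.log denials appear once the allow rule is gone. It assumes the SELinux domain is zabbix_t and the daemons are named zabbix_server and zabbix_proxy; the SAMPLE_* strings are constructed to look like `sesearch` and audit.log output and were not captured from a real system.

```python
"""Checks for CAP_DAC_OVERRIDE use by Zabbix daemons under SELinux (added example).

Assumptions: the Zabbix SELinux domain is zabbix_t (confirm with `ps -eZ | grep zabbix`),
the daemons are named zabbix_server / zabbix_proxy, and the SAMPLE_* strings are
constructed to resemble `sesearch` and audit.log output, not captured from a host.
"""
import os
import re
import shutil
import subprocess
from pathlib import Path

CAP_DAC_OVERRIDE = 1  # capability number from <linux/capability.h>

# Constructed sample of `sesearch -A -s zabbix_t -c capability` output.
SAMPLE_SESEARCH = "allow zabbix_t zabbix_t:capability { chown dac_override kill setgid setuid };\n"

# Constructed sample audit.log lines: one dac_override denial, one unrelated denial.
SAMPLE_AUDIT = (
    'type=AVC msg=audit(1640000000.123:456): avc:  denied  { dac_override } for  pid=1234 '
    'comm="zabbix_server" capability=1  scontext=system_u:system_r:zabbix_t:s0 '
    'tcontext=system_u:system_r:zabbix_t:s0 tclass=capability permissive=0\n'
    'type=AVC msg=audit(1640000001.456:457): avc:  denied  { name_connect } for  pid=1235 '
    'comm="zabbix_server" dest=10051 scontext=system_u:system_r:zabbix_t:s0 '
    'tcontext=system_u:object_r:zabbix_port_t:s0 tclass=tcp_socket permissive=0\n'
)

ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+([^\s:]+):capability\s+(?:\{([^}]*)\}|([^\s;]+))", re.M)
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+pid=(\d+)\s+comm="([^"]*)"'
                    r'.*?scontext=(\S+).*?tclass=(\w+)')


def policy_grants_dac_override(sesearch_output, domain="zabbix_t"):
    """True if the policy has an `allow <domain> self:capability` rule listing dac_override."""
    for src, tgt, braced, single in ALLOW_RE.findall(sesearch_output):
        perms = (braced or single).split()
        if src == domain and tgt in (domain, "self") and "dac_override" in perms:
            return True
    return False


def dac_override_denials(audit_text, domain="zabbix_t"):
    """(pid, comm) for every AVC denial of capability dac_override raised from `domain`.

    After the allow rule is dropped, these denials are the signal that a code path
    still relies on the capability (in permissive mode they show with permissive=1).
    """
    hits = []
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        perms, pid, comm, scontext, tclass = m.groups()
        if (tclass == "capability" and "dac_override" in perms.split()
                and scontext.split(":")[2] == domain):
            hits.append((int(pid), comm))
    return hits


def capeff_has(capeff_hex, capnum):
    """Decode a /proc/<pid>/status CapEff value and test one capability bit."""
    return bool((int(capeff_hex, 16) >> capnum) & 1)


def dac_allows_write(st_mode, st_uid, st_gid, uid, gids):
    """Plain DAC check for write+search on a directory, i.e. what succeeds without
    CAP_DAC_OVERRIDE. A root process writing into a zabbix-owned 0755 directory
    fails this check, which is exactly when the kernel falls back to the capability."""
    if uid == st_uid:
        bits = (st_mode >> 6) & 0o7
    elif st_gid in gids:
        bits = (st_mode >> 3) & 0o7
    else:
        bits = st_mode & 0o7
    return (bits & 0o3) == 0o3


def live_policy_check(domain="zabbix_t"):
    """Ask the loaded policy via sesearch (setools); None if the tool is absent."""
    if shutil.which("sesearch") is None:
        return None
    out = subprocess.run(["sesearch", "-A", "-s", domain, "-c", "capability"],
                         capture_output=True, text=True, check=False).stdout
    return policy_grants_dac_override(out, domain)


def live_process_check(names=("zabbix_server", "zabbix_proxy")):
    """(pid, name, holds CAP_DAC_OVERRIDE) for running Zabbix daemons, read from /proc."""
    found = []
    for status in Path("/proc").glob("[0-9]*/status"):
        try:
            fields = dict(l.split(":\t", 1) for l in status.read_text().splitlines() if ":\t" in l)
        except OSError:
            continue
        if fields.get("Name") in names:
            found.append((int(status.parent.name), fields["Name"],
                          capeff_has(fields["CapEff"].strip(), CAP_DAC_OVERRIDE)))
    return found


if __name__ == "__main__":
    print("sample policy grants dac_override:", policy_grants_dac_override(SAMPLE_SESEARCH))
    print("sample audit dac_override denials:", dac_override_denials(SAMPLE_AUDIT))
    if os.path.isdir("/var/run/zabbix"):
        st = os.stat("/var/run/zabbix")
        print("root can write /var/run/zabbix by DAC alone:",
              dac_allows_write(st.st_mode, st.st_uid, st.st_gid, 0, {0}))
    live = live_policy_check()
    print("loaded policy grants dac_override:", "sesearch not installed" if live is None else live)
    for pid, name, holds in live_process_check():
        print(f"pid {pid} ({name}) holds CAP_DAC_OVERRIDE: {holds}")
```

Run it as root on the monitored host; the sample sections always print, the live sections only where setools, /proc and the PID directory are present. A policy that still lists dac_override for zabbix_t, combined with a DAC check that fails for the daemon's uid on /var/run/zabbix, is the configuration the advisory describes; the denial parser is what to watch after the permission is removed from the policy.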
CVSS Score
3.3 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | >= 4.0.0, <= 4.0.36 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://support.zabbix.com/browse/ZBX-20341 (issue tracking, patch, vendor advisory)
- https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html
FAQ
What is CVE-2022-23132?
CVE-2022-23132 is a vulnerability with a CVSS score of 3.3 (LOW). During Zabbix installation from RPM, the SELinux policy grants the dac_override capability permission so the daemons can access PID files in the /var/run/zabbix directory. With that capability available, Zabbix Proxy or Zabbix Server processes can bypass the discretionary read, write and execute permission checks at the file system level.
How severe is CVE-2022-23132?
CVE-2022-23132 has been rated LOW with a CVSS base score of 3.3/10. Only the base score is listed on this page; the full vector is not given here.
Is there a patch for CVE-2022-23132?
See the references section above: the Zabbix issue ZBX-20341 is tagged as both the vendor advisory and the patch, and the Fedora and Debian LTS announcements cover the distribution packages. The listed affected range for Zabbix ends at 4.0.36, so later 4.0 releases fall outside it. Affected products include: Zabbix Zabbix, Fedoraproject Fedora.