Vulnerability Description
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zabbix | Zabbix | >= 5.4.0, <= 5.4.8 |
| Fedoraproject | Fedora | 34 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2022/02/msg00008.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproRelease Notes
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproRelease Notes
- https://support.zabbix.com/browse/ZBX-20384Issue TrackingPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/02/msg00008.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproRelease Notes
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproRelease Notes
- https://support.zabbix.com/browse/ZBX-20384Issue TrackingPatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-US Government Resource
FAQ
What is CVE-2022-23134?
CVE-2022-23134 is a vulnerability with a CVSS score of 3.7 (LOW). After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially...
How severe is CVE-2022-23134?
CVE-2022-23134 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23134?
Check the references section above for vendor advisories and patch information. Affected products include: Zabbix Zabbix, Fedoraproject Fedora, Debian Debian Linux.