CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

Published: Jan 13, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-23134
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
zabbix / zabbix	6.0.0-alpha2	6.0.0-alpha2.x
zabbix / zabbix	6.0.0-alpha3	6.0.0-alpha3.x
zabbix / zabbix	6.0.0-alpha4	6.0.0-alpha4.x
zabbix / zabbix	6.0.0-alpha5	6.0.0-alpha5.x
zabbix / zabbix	6.0.0-alpha6	6.0.0-alpha6.x
zabbix / zabbix	6.0.0-alpha7	6.0.0-alpha7.x
zabbix / zabbix	6.0.0-beta1	6.0.0-beta1.x
zabbix / zabbix	5.4.0	5.4.8.x
zabbix / zabbix	6.0.0-alpha1	6.0.0-alpha1.x
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

289,697

CVE-2022-23134