CVE-2022-23134 zabbix -- zabbixID: oval:org.secpod.oval:def:77864 | Date: (C)2022-02-25 (M)2023-07-03 |
Class: VULNERABILITY | Family: unix |
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Platform: |
Debian 10.x |
Debian 11.x |
Debian 9.x |
Product: |
zabbix-agent |
zabbix-frontend-php |
zabbix-java-gateway |
zabbix-proxy-mysql |
zabbix-proxy-pgsql |
zabbix-proxy-sqlite3 |
zabbix-server-mysql |
zabbix-server-pgsql |