CVE-2022-23134 zabbix -- zabbix| ID: oval:org.secpod.oval:def:77864 | Date: (C)2022-02-25 (M)2023-07-03 |
| Class: VULNERABILITY | Family: unix |
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
| Platform: |
| Debian 10.x |
| Debian 11.x |
| Debian 9.x |
| Product: |
| zabbix-agent |
| zabbix-frontend-php |
| zabbix-java-gateway |
| zabbix-proxy-mysql |
| zabbix-proxy-pgsql |
| zabbix-proxy-sqlite3 |
| zabbix-server-mysql |
| zabbix-server-pgsql |
