CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

References

Affected packages

Debian:12 / zabbix

Package

Name: zabbix
Purl: pkg:deb/debian/zabbix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.0.7+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / zabbix

Package

Name: zabbix
Purl: pkg:deb/debian/zabbix?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.0.7+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/zabbix/zabbix

Affected ranges

Type: GIT
Repo: https://github.com/zabbix/zabbix
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1ca342c90ed471c4547b9a4ea9dfcc147be3f3f0

Last affected

315ec0e63a834834015e7431cc685c6b3ad8c265

Last affected

6b9f1a434682b6102080217ff723cad209610a7d

Last affected

b07e17de0abf0006ddd56c2eb39d3dacda0ba2eb

Last affected

cf8d4a64d29b8fce8e40761533f8dd9438c786fd

Last affected

d3db14ccb5597f10b6353202ac3519cb2c42c556

Last affected

e58e4c62e52436a5b5385e7b58b5a7e9376cc67a

Last affected

f56fed83bc4778f6c8fdc6bedc956d6c2059c56b

Affected versions

5.*

5.0.0

5.0.0alpha1

5.0.0alpha2

5.0.0alpha3

5.0.0alpha4

5.0.0beta1

5.0.0beta2

5.0.0rc1

6.*

6.0.0alpha1

6.0.0alpha2

6.0.0alpha3