Zabbix: Security Vulnerabilities, CVEs (Gain Privilege), CVSS score >= 5
CVE-2022-23134
Known exploited
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Max CVSS: 5.3
EPSS Score: 62.98%
Published: 2022-01-13
Updated: 2023-06-27
CISA KEV Added: 2022-02-22
During Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is in use to access PID files in the [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permission checks at the file system level.
Max CVSS: 7.5
EPSS Score: 0.10%
Published: 2022-01-13
Updated: 2022-02-10
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Max CVSS: 10.0
EPSS Score: 0.24%
Published: 2022-01-06
Updated: 2022-01-31
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
Max CVSS: 5.0
EPSS Score: 0.71%
Published: 2013-12-14
Updated: 2013-12-16
4 vulnerabilities found