Zabbix : Security Vulnerabilities, CVEs, (Gain Privilege) CVSS score >= 5

CVE-2022-23134

Known exploited
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Max CVSS
5.3
EPSS Score
62.98%
Published
2022-01-13
Updated
2023-06-27
CISA KEV Added
2022-02-22

CVE-2022-23132

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
Max CVSS
7.5
EPSS Score
0.10%
Published
2022-01-13
Updated
2022-02-10

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Max CVSS
10.0
EPSS Score
0.24%
Published
2022-01-06
Updated
2022-01-31

CVE-2013-1364

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
Max CVSS
5.0
EPSS Score
0.71%
Published
2013-12-14
Updated
2013-12-16
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close