Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2022-23134
HistoryJan 13, 2022 - 4:15 p.m.

CVE-2022-23134

2022-01-1316:15:00
Alpine Linux Development Team
security.alpinelinux.org
93
initial setup
unauthenticated access
setup.php
security risk
zabbix frontend

EPSS

0.609

Percentile

97.8%

JSON

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchzabbix= 6.0.0-r0UNKNOWN

Related

openvas 4
cvelist 1
attackerkb 1
osv 2
debiancve 1
debian 1
checkpoint_advisories 1
prion 1
ubuntucve 1
nuclei 1
cve 1
nessus 3
cisa_kev 1
nvd 1
cisa 1
hivepro 1
thn 1
fedora 2
suse 2
sonarsource 1
openvas
openvas
Debian: Security Advisory (DLA-2914-1)
2022-02-08 00:00:00
Fedora: Security Advisory for zabbix (FEDORA-2022-1a667b0f90)
2022-01-23 00:00:00
Fedora: Security Advisory for zabbix (FEDORA-2022-dfe346f53f)
2022-01-23 00:00:00
cvelist
cvelist
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
2022-01-13 15:50:42
attackerkb
attackerkb
CVE-2022-23134
2021-12-20 00:00:00
osv
osv
zabbix - security update
2022-02-07 00:00:00
CVE-2022-23134
2022-01-13 16:15:08
debiancve
debiancve
CVE-2022-23134
2022-01-13 16:15:08
debian
debian
[SECURITY] [DLA 2914-1] zabbix security update
2022-02-07 21:48:51
checkpoint_advisories
checkpoint_advisories
Zabbix Web Frontend Authentication Bypass (CVE-2022-23134)
2022-03-02 00:00:00
prion
prion
Design/Logic Flaw
2022-01-13 16:15:00
ubuntucve
ubuntucve
CVE-2022-23134
2022-01-13 00:00:00
nuclei
nuclei
Zabbix Setup Configuration Authentication Bypass
2022-02-25 16:00:40
cve
cve
CVE-2022-23134
2022-01-13 16:15:08
nessus
nessus
Debian DLA-2914-1 : zabbix - LTS security update
2022-02-07 00:00:00
openSUSE 15 Security Update : zabbix (openSUSE-SU-2022:0036-1)
2022-02-17 00:00:00
Zabbix 5.4.x < 5.4.9 Multiple Vulnerabilities
2022-02-28 00:00:00
cisa_kev
cisa_kev
Zabbix Frontend Improper Access Control Vulnerability
2022-02-22 00:00:00
nvd
nvd
CVE-2022-23134
2022-01-13 16:15:08
cisa
cisa
CISA Adds Two Known Exploited Vulnerabilities to Catalog
2022-02-22 00:00:00
hivepro
hivepro
Zabbix affected by two actively exploited vulnerabilities
2022-02-24 10:27:48
thn
thn
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
2022-02-24 12:16:00
fedora
fedora
[SECURITY] Fedora 35 Update: zabbix-5.0.19-1.fc35
2022-01-23 01:44:38
[SECURITY] Fedora 34 Update: zabbix-5.0.19-1.fc34
2022-01-23 01:08:21
suse
suse
Security update for zabbix (moderate)
2022-02-16 00:00:00
Security update for MozillaThunderbird (important)
2022-03-01 00:00:00
sonarsource
sonarsource
Zabbix - A Case Study of Unsafe Session Storage
2022-02-16 00:00:00

EPSS

0.609

Percentile

97.8%

JSON
Related for ALPINE:CVE-2022-23134
openvas4cvelist1attackerkb1osv2debiancve1debian1checkpoint_advisories1prion1ubuntucve1nuclei1cve1nessus3cisa_kev1nvd1cisa1hivepro1thn1fedora2suse2sonarsource1