CVE-2022-23132
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
52.3%
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zabbix | zabbix | * | cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* |
| zabbix | zabbix | 6.0.0 | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1:*:*:*:*:*:* |
| zabbix | zabbix | 6.0.0 | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha2:*:*:*:*:*:* |
| zabbix | zabbix | 6.0.0 | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha3:*:*:*:*:*:* |
| zabbix | zabbix | 6.0.0 | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha4:*:*:*:*:*:* |
| zabbix | zabbix | 6.0.0 | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha5:*:*:*:*:*:* |
| zabbix | zabbix | 6.0.0 | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha6:*:*:*:*:*:* |
| zabbix | zabbix | 6.0.0 | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha7:*:*:*:*:*:* |
| fedoraproject | fedora | 34 | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| fedoraproject | fedora | 35 | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
52.3%