Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2022-23134
HistoryJan 13, 2022 - 12:00 a.m.

CVE-2022-23134

2022-01-1300:00:00
ubuntu.com
ubuntu.com
17
setup file
unauthenticated access
zabbix frontend
security bug

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.609

Percentile

97.8%

JSON

After the initial setup process, some steps of setup.php file are reachable
not only by super-administrators, but by unauthenticated users as well.
Malicious actor can pass step checks and potentially change the
configuration of Zabbix Frontend.

Bugs

Related

alpinelinux 1
attackerkb 1
osv 2
openvas 4
cvelist 1
debiancve 1
debian 1
checkpoint_advisories 1
prion 1
nuclei 1
cve 1
nessus 3
cisa_kev 1
nvd 1
cisa 1
hivepro 1
thn 1
fedora 2
suse 2
sonarsource 1
alpinelinux
alpinelinux
CVE-2022-23134
2022-01-13 16:15:00
attackerkb
attackerkb
CVE-2022-23134
2021-12-20 00:00:00
osv
osv
zabbix - security update
2022-02-07 00:00:00
CVE-2022-23134
2022-01-13 16:15:08
openvas
openvas
Debian: Security Advisory (DLA-2914-1)
2022-02-08 00:00:00
Fedora: Security Advisory for zabbix (FEDORA-2022-1a667b0f90)
2022-01-23 00:00:00
Fedora: Security Advisory for zabbix (FEDORA-2022-dfe346f53f)
2022-01-23 00:00:00
cvelist
cvelist
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
2022-01-13 15:50:42
debiancve
debiancve
CVE-2022-23134
2022-01-13 16:15:08
debian
debian
[SECURITY] [DLA 2914-1] zabbix security update
2022-02-07 21:48:51
checkpoint_advisories
checkpoint_advisories
Zabbix Web Frontend Authentication Bypass (CVE-2022-23134)
2022-03-02 00:00:00
prion
prion
Design/Logic Flaw
2022-01-13 16:15:00
nuclei
nuclei
Zabbix Setup Configuration Authentication Bypass
2022-02-25 16:00:40
cve
cve
CVE-2022-23134
2022-01-13 16:15:08
nessus
nessus
Debian DLA-2914-1 : zabbix - LTS security update
2022-02-07 00:00:00
openSUSE 15 Security Update : zabbix (openSUSE-SU-2022:0036-1)
2022-02-17 00:00:00
Zabbix 5.4.x < 5.4.9 Multiple Vulnerabilities
2022-02-28 00:00:00
cisa_kev
cisa_kev
Zabbix Frontend Improper Access Control Vulnerability
2022-02-22 00:00:00
nvd
nvd
CVE-2022-23134
2022-01-13 16:15:08
cisa
cisa
CISA Adds Two Known Exploited Vulnerabilities to Catalog
2022-02-22 00:00:00
hivepro
hivepro
Zabbix affected by two actively exploited vulnerabilities
2022-02-24 10:27:48
thn
thn
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
2022-02-24 12:16:00
fedora
fedora
[SECURITY] Fedora 35 Update: zabbix-5.0.19-1.fc35
2022-01-23 01:44:38
[SECURITY] Fedora 34 Update: zabbix-5.0.19-1.fc34
2022-01-23 01:08:21
suse
suse
Security update for zabbix (moderate)
2022-02-16 00:00:00
Security update for MozillaThunderbird (important)
2022-03-01 00:00:00
sonarsource
sonarsource
Zabbix - A Case Study of Unsafe Session Storage
2022-02-16 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.609

Percentile

97.8%

JSON
Related for UB:CVE-2022-23134
alpinelinux1attackerkb1osv2openvas4cvelist1debiancve1debian1checkpoint_advisories1prion1nuclei1cve1nessus3cisa_kev1nvd1cisa1hivepro1thn1fedora2suse2sonarsource1