Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23132

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level

Published

2022-01-13T16:15:08.113

Last Modified

2024-11-21T06:48:04.023

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-284
  • Type: Primary
    CWE-732
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application zabbix zabbix ≤ 4.0.36 Yes
Application zabbix zabbix ≤ 5.0.18 Yes
Application zabbix zabbix ≤ 5.4.8 Yes
Application zabbix zabbix 6.0.0 Yes
Application zabbix zabbix 6.0.0 Yes
Application zabbix zabbix 6.0.0 Yes
Application zabbix zabbix 6.0.0 Yes
Application zabbix zabbix 6.0.0 Yes
Application zabbix zabbix 6.0.0 Yes
Application zabbix zabbix 6.0.0 Yes
Operating System fedoraproject fedora 34 Yes
Operating System fedoraproject fedora 35 Yes
References