PT-2021-7721 · Zabbix+2 · Zabbix+2

Brian J. Murrell · Published 2019-05-20 · Updated 2024-10-03 · CVE-2022-23132

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Zabbix (affected versions not specified)

Description

The issue is an incorrect permission assignment for a critical resource in Zabbix. Exploitation may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. When Zabbix is installed from RPM, the DAC_OVERRIDE SELinux capability is used to access PID files in the /var/run/zabbix folder. As a result, Zabbix Proxy or Server processes can bypass file read, write, and execute permission checks at the file system level.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Improper Access Control

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1862
ALT-PU-2020-1083
ALT-PU-2021-3617
ALT-PU-2022-2499
ALT-PU-2023-6268
BDU:2023-01720
CVE-2022-23132
DLA-3909-1

Affected Products

Alt Linux
Astra Linux
Zabbix