VDB

CVE-2022-23134

CVE-2022-23134 PUBLISHED KEV CVSS 3.700000047683716 LOW

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

EPSS 92.61% · 99.8th percentile

Risk Scores

CVSS 3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
92.61%
99.8th percentile

Affected Products

VendorProductVersions
debiandebian_linux9.0
zabbixzabbix6.0.0, 6.0.0, 6.0.0
ZabbixFrontend5.4.9, 5.4.0 - 5.4.8
fedoraprojectfedora34, 35

Timeline

  • Jan 13, 2022 CVE Published
  • Feb 8, 2022 EPSS Score
  • Feb 22, 2022 CISA KEV Added
  • Mar 25, 2023 EPSS Score
  • May 30, 2023 EPSS Score
  • Jun 14, 2023 PoC Published
  • Jun 26, 2023 EPSS Score
  • Jun 28, 2023 EPSS Score
  • Aug 6, 2023 EPSS Score
  • Oct 18, 2023 EPSS Score
  • Nov 8, 2023 EPSS Score
  • Nov 16, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›