CVE-2022-23132 — Improper Access Control in Zabbix

CWE-284 — Improper Access Control CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

7.3HIGHNVD

EPSS

0.1%

top 65.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix Fedoraproject Fedora

Timeline

PublishedJan 13

Latest updateJan 14

Description

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:6.0.7+dfsg-2 (bookworm)

▶Debianzabbix/zabbix< 1:5.0.44+dfsg-1+deb11u1+3

▶NVDzabbix/zabbix4.0.0 — 4.0.36+3

Also affects: Fedora 34, 35

Patches

Patch: support.zabbix.com ↗Patch: support.zabbix.com ↗

🔴Vulnerability Details

GHSA

GHSA-qqcg-7f79-v65c: During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder↗2022-01-14

▶

OSV

CVE-2022-23132: During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder↗2022-01-13

▶

📋Vendor Advisories

Debian

CVE-2022-23132: zabbix - During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use t...↗2022

▶