During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
10 Feb 2022, 15:01
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
23 Jan 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2022, 20:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.3 |
References | (MISC) https://support.zabbix.com/browse/ZBX-20341 - Issue Tracking, Patch, Vendor Advisory | |
CPE | cpe:2.3:a:zabbix:zabbix:6.0.0:alpha4:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha7:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:zabbix:zabbix:6.0.0:alpha6:*:*:*:*:*:* |
|
CWE | CWE-732 |
13 Jan 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-13 16:15
Updated : 2024-02-04 22:08
NVD link : CVE-2022-23132
Mitre link : CVE-2022-23132
CVE.ORG link : CVE-2022-23132
JSON object : View
Products Affected
fedoraproject
- fedora
zabbix
- zabbix