{"id":"CVE-2022-23134","details":"After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass the step checks and potentially change the configuration of Zabbix Frontend.","modified":"2026-04-10T04:45:24.545621Z","published":"2022-01-13T16:15:08.227Z","related":["openSUSE-SU-2022:0036-1","openSUSE-SU-2024:11772-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23134"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html"},{"type":"FIX","url":"https://support.zabbix.com/browse/ZBX-20384"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zabbix/zabbix","events":[{"introduced":"0"},{"last_affected":"f56fed83bc4778f6c8fdc6bedc956d6c2059c56b"},{"introduced":"0"},{"last_affected":"315ec0e63a834834015e7431cc685c6b3ad8c265"},{"introduced":"0"},{"last_affected":"1ca342c90ed471c4547b9a4ea9dfcc147be3f3f0"},{"introduced":"0"},{"last_affected":"e58e4c62e52436a5b5385e7b58b5a7e9376cc67a"},{"introduced":"0"},{"last_affected":"6b9f1a434682b6102080217ff723cad209610a7d"},{"introduced":"0"},{"last_affected":"b07e17de0abf0006ddd56c2eb39d3dacda0ba2eb"},{"introduced":"0"},{"last_affected":"cf8d4a64d29b8fce8e40761533f8dd9438c786fd"},{"introduced":"0"},{"last_affected":"d3db14ccb5597f10b6353202ac3519cb2c42c556"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0.0-alpha1"},{"introduced":"0"},{"last_affected":"6.0.0-alpha2"},{"introduced":"0"},{"last_affected":"6.0.0-alpha3"},{"introduced":"0"},{"last_affected":"6.0.0-alpha4"}
,{"introduced":"0"},{"last_affected":"6.0.0-alpha5"},{"introduced":"0"},{"last_affected":"6.0.0-alpha6"},{"introduced":"0"},{"last_affected":"6.0.0-alpha7"},{"introduced":"0"},{"last_affected":"6.0.0-beta1"}]}}],"versions":["6.0.0alpha1","6.0.0alpha2","6.0.0alpha3","6.0.0alpha4","6.0.0alpha5","6.0.0alpha6","6.0.0alpha7","6.0.0beta1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.4.0"},{"last_affected":"5.4.8"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23134.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}