CVE-2022-23132

Summary

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level

Affected Software

VendorProductVersion RangeStatus
ZabbixProxy, Server4.0.0 - 4.0.36affected
ZabbixProxy, Server5.0.0 – 5.0.18affected
ZabbixProxy, Server5.4.0 – 5.4.8affected
ZabbixProxy, Server5.0.19 < 5.0.19*unaffected
ZabbixProxy, Server5.4.9 < 5.4.9*unaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References