CVE-2023-32723

Summary

Request to LDAP is sent before user permissions are checked.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix4.0.0 <= 4.0.19rc1affected
ZabbixZabbix4.4.0 <= 4.4.7rc1affected
ZabbixZabbix5.0.0alpha1 <= 5.0.0alpha4affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References