Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-43515

Опубликовано: 05 дек. 2022
Источник: debian

Описание

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zabbixfixed1:6.0.13+dfsg-1package

Примечания

  • https://support.zabbix.com/browse/ZBX-22050

  • Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa58889ba54b2350e211a5f315baabbaf7228045 (4.0.45rc1)

  • Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e (5.0.30rc1)

Связанные уязвимости

ubuntu логотип

CVE-2022-43515

CVSS3: 5.3
ubuntu
около 3 лет назад

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.

nvd логотип

CVE-2022-43515

CVSS3: 5.3
nvd
около 3 лет назад

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.

suse-cvrf логотип

SUSE-SU-2022:4477-1

suse-cvrf
около 3 лет назад

Security update for zabbix

github логотип

GHSA-hh7f-cch9-52mr

CVSS3: 9.8
github
около 3 лет назад

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.

fstec логотип

BDU:2023-04799

CVSS3: 9.8
fstec
больше 3 лет назад

Уязвимость универсальной системы мониторинга Zabbix, связанная с неправильной авторизацией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании