CVE-2022-23134

Known Exploited
Possible view of the setup pages by unauthenticated users if config file already exists

Description

After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass the step checks and potentially change the configuration of Zabbix Frontend.

Remediation

Solution:

  • To remediate this vulnerability, apply the updates or, if an immediate update is not possible, follow the presented workarounds.

Workaround:

  • If an immediate update is not possible, please remove the setup.php file.

CVSS: 3.7 (Severity: Low)
EPSS: 91.58% (Top 5%)
KEV Since 
Vendor Advisories: fedoraproject.org, fedoraproject.org, zabbix.com
Affected: Zabbix Frontend

Frequently Asked Questions

What is the severity of CVE-2022-23134?
CVE-2022-23134 has been scored as a low severity vulnerability.
How to fix CVE-2022-23134?
To fix CVE-2022-23134, apply the updates or, if an immediate update is not possible, follow the presented workarounds.
Is CVE-2022-23134 being actively exploited in the wild?
It is confirmed that CVE-2022-23134 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~92% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-23134?
CVE-2022-23134 affects Zabbix Frontend.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.