CVE-2022-23134 - Design/Logic Flaw
Original CVE data
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Debian - (1)
Fedoraproject - (1)
Zabbix - (1)
Common vulnerability metrics
Vulnerability weakness type is in the top 25 CWEs according to MITRE. View Mitre Top 25 CWEs
No exploit code is reported to exist.
Vulnerability is referenced under CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog
No sightings of the vulnerability within threat reports.
How the vulnerability maps against various cybersecurity frameworks
How the submited vulnerability affects compliance
Web Application Security Frameworks
Applicable if the issue likely affects a web application