OpenCVE

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Zabbix	Zabbix

Configuration 1 [-]

OR	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix::::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha2::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha3::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha4::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha5::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha6::::::
	cpe:2.3:a:zabbix:zabbix:6.0.0:alpha7::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/
https://support.zabbix.com/browse/ZBX-20341

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zabbix

Published: 2022-01-13T15:50:40.425921Z

Updated: 2024-09-16T20:37:11.038Z

Reserved: 2022-01-11T00:00:00

Link: CVE-2022-23132

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-13T16:15:08.113

Modified: 2023-11-07T03:44:04.800

Link: CVE-2022-23132

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Proxy, Server", "vendor": "Zabbix", "versions": [{"status": "affected", "version": "4.0.0 - 4.0.36"}, {"status": "affected", "version": "5.0.0 \u2013 5.0.18"}, {"status": "affected", "version": "5.4.0 \u2013 5.4.8"}, {"lessThan": "5.0.19*", "status": "unaffected", "version": "5.0.19", "versionType": "custom"}, {"lessThan": "5.4.9*", "status": "unaffected", "version": "5.4.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Zabbix wants to thank Brian J. Murrell for reporting this issue to us"}], "datePublic": "2021-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-23T03:06:29", "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.zabbix.com/browse/ZBX-20341"}, {"name": "FEDORA-2022-dfe346f53f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"name": "FEDORA-2022-1a667b0f90", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}], "solutions": [{"lang": "en", "value": "To remediate this vulnerability, apply the updates."}], "source": {"discovery": "EXTERNAL"}, "title": "Incorrect permissions of [/var/run/zabbix] forces dac_override", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@zabbix.com", "DATE_PUBLIC": "2021-12-01T16:09:00.000Z", "ID": "CVE-2022-23132", "STATE": "PUBLIC", "TITLE": "Incorrect permissions of [/var/run/zabbix] forces dac_override"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Proxy, Server", "version": {"version_data": [{"version_affected": "=", "version_name": "4.0.0 - 4.0.36", "version_value": "4.0.0 - 4.0.36"}, {"version_affected": "=", "version_name": "5.0.0 \u2013 5.0.18", "version_value": "5.0.0 \u2013 5.0.18"}, {"version_affected": "=", "version_name": "5.4.0 \u2013 5.4.8", "version_value": "5.4.0 \u2013 5.4.8"}, {"version_affected": "!>=", "version_name": "5.0.19", "version_value": "5.0.19"}, {"version_affected": "!>=", "version_name": "5.4.9", "version_value": "5.4.9"}]}}]}, "vendor_name": "Zabbix"}]}}, "credit": [{"lang": "eng", "value": "Zabbix wants to thank Brian J. Murrell for reporting this issue to us"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://support.zabbix.com/browse/ZBX-20341", "refsource": "MISC", "url": "https://support.zabbix.com/browse/ZBX-20341"}, {"name": "FEDORA-2022-dfe346f53f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"name": "FEDORA-2022-1a667b0f90", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}]}, "solution": [{"lang": "en", "value": "To remediate this vulnerability, apply the updates."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.009Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.zabbix.com/browse/ZBX-20341"}, {"name": "FEDORA-2022-dfe346f53f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"name": "FEDORA-2022-1a667b0f90", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}]}]}, "cveMetadata": {"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "assignerShortName": "Zabbix", "cveId": "CVE-2022-23132", "datePublished": "2022-01-13T15:50:40.425921Z", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2024-09-16T20:37:11.038Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "285CF526-ACA1-438C-98FA-BEB4365E6531", "versionEndIncluding": "4.0.36", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5754717-C846-47CA-81C2-D2BA46BED5AD", "versionEndIncluding": "5.0.18", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*", "matchCriteriaId": "19429F9A-8623-4BA9-984B-4982418C21CD", "versionEndIncluding": "5.4.8", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "0DC67B03-AF43-45C9-8EAC-D60DA5887712", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "9C483257-D279-4A20-8451-1C2D34AF8C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "F9B37226-5339-4B5E-B515-BBC5D95A122D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "69B35CCA-9F00-4FED-B2F6-3A561369AF44", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "4270E53E-563E-4B60-9C19-5E8E78635B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "E7BCC855-4C6A-4E00-BA2A-3CAD738DF49D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "E5EE65D8-BD54-491F-8B61-A58D57C2D1CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level"}, {"lang": "es", "value": "Durante la instalaci\u00f3n de Zabbix desde RPM, es usada la capacidad DAC_OVERRIDE SELinux para acceder a los archivos PID en la carpeta [/var/run/zabbix]. En este caso, los procesos del proxy o del servidor de Zabbix pueden omitir la comprobaci\u00f3n de los permisos de lectura, escritura y ejecuci\u00f3n de los archivos en el nivel del sistema de archivos"}], "id": "CVE-2022-23132", "lastModified": "2023-11-07T03:44:04.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "security@zabbix.com", "type": "Secondary"}]}, "published": "2022-01-13T16:15:08.113", "references": [{"source": "security@zabbix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"}, {"source": "security@zabbix.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}, {"source": "security@zabbix.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://support.zabbix.com/browse/ZBX-20341"}], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@zabbix.com", "type": "Secondary"}]}