CVE-2022-43515
CVSS V2 None
CVSS V3 None
Description
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.
Overview
- CVE ID
- CVE-2022-43515
- Assigner
- security@zabbix.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-05T19:15:10
- Last Modified Date
- 2023-02-03T21:23:01
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:* | 1 | OR | 4.0.0 | 4.0.44 |
| cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:* | 1 | OR | 5.0.0 | 5.0.29 |
| cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:* | 1 | OR | 6.0.0 | 6.0.9 |
| cpe:2.3:a:zabbix:frontend:*:*:*:*:*:*:*:* | 1 | OR | 6.2.0 | 6.2.4 |
| cpe:2.3:a:zabbix:frontend:5.0.30:rc1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:zabbix:frontend:6.0.11:rc1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:zabbix:frontend:6.2.5:rc1:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://support.zabbix.com/browse/ZBXSEC-125 | Permissions Required Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-43515 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43515 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-07 18:06:35 | Added to TrackCVE | |||
| 2022-12-08 17:15:21 | 2022-12-05T19:15:10.363 | 2022-12-05T19:15:10 | CVE Published Date | updated |
| 2022-12-08 17:15:21 | 2022-12-08T14:15:10 | CVE Modified Date | updated | |
| 2022-12-08 17:15:21 | Analyzed | Modified | Vulnerability Status | updated |
| 2022-12-12 18:17:27 | Modified | Undergoing Analysis | Vulnerability Status | updated |
| 2023-02-03 23:13:41 | 2023-02-03T21:23:01 | CVE Modified Date | updated | |
| 2023-02-03 23:13:41 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2023-02-03 23:13:41 | Weakness Enumeration | update |