
A zabbix security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where an attacker could bypass checks and potentially change the configuration of Zabbix Frontend.



ELA-562-1 zabbix security update

Package: zabbix
Version: 1:2.2.23+dfsg-0+deb8u3
Related CVEs: CVE-2022-23134

Thomas Chauchefoin from SonarSource discovered that in Zabbix, a server/client network monitoring system, after the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. An attacker could bypass checks and potentially change the configuration of Zabbix Frontend.

For Debian 8 jessie, these problems have been fixed in version 1:2.2.23+dfsg-0+deb8u3.

We recommend that you upgrade your zabbix packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
