CVE-2022-22704
First published: Thu Jan 06 2022(Updated: )
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zabbix Zabbix-agent2 | <5.4.9 | |
| Zabbix Zabbix-agent2 | =5.4.9 | |
| Alpinelinux Alpine Linux |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22704?
CVE-2022-22704 is a vulnerability in the zabbix-agent2 package before version 5.4.9-r1 for Alpine Linux that allows privilege escalation to root.
What is the severity of CVE-2022-22704?
CVE-2022-22704 has a severity rating of 9.8 out of 10, indicating a critical vulnerability.
How does CVE-2022-22704 allow privilege escalation?
CVE-2022-22704 allows privilege escalation by incorrectly expecting that systemd would determine part of the configuration.
Which software versions are affected by CVE-2022-22704?
The zabbix-agent2 package versions before 5.4.9-r1 for Alpine Linux are affected by CVE-2022-22704.
How can I fix CVE-2022-22704?
To fix CVE-2022-22704, update the zabbix-agent2 package to version 5.4.9-r1 or later for Alpine Linux.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zabbix
- canonical/zabbix zabbix-agent2
- version/zabbix zabbix-agent2/5.4.9
- vendor/alpinelinux
- canonical/alpinelinux alpine linux