First published: Mon Dec 05 2022
Zabbix Frontend provides a feature that allows admins to maintain the installation while ensuring that only certain IP addresses can access it. While maintenance is in progress, other users cannot access the Zabbix Frontend, which prevents possibly sensitive data from being disclosed. An attacker can bypass this protection and access the instance from an IP address that is not listed in the defined range.
Credit: security@zabbix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zabbix Frontend | >=4.0.0<=4.0.44 | |
Zabbix Frontend | >=5.0.0<=5.0.29 | |
Zabbix Frontend | >=6.0.0<=6.0.9 | |
Zabbix Frontend | >=6.2.0<=6.2.4 | |
Zabbix Frontend | =5.0.30-rc1 | |
Zabbix Frontend | =6.0.11-rc1 | |
Zabbix Frontend | =6.2.5-rc1 | |
To remediate this vulnerability, apply the updates listed in the 'Unaffected' section to the appropriate products or use the workaround.
CVE-2022-43515 is a vulnerability in Zabbix Frontend that allows unauthorized access.
The severity of CVE-2022-43515 is critical with a score of 9.8.
CVE-2022-43515 allows unauthorized access to Zabbix Frontend and can lead to disclosure of sensitive data.
Versions 4.0.0 to 4.0.44, 5.0.0 to 5.0.29, 6.0.0 to 6.0.9, and 6.2.0 to 6.2.4 of Zabbix Frontend are affected by CVE-2022-43515.
To fix CVE-2022-43515, update Zabbix Frontend to a version that is not vulnerable.