CVE-2022-43515
Summary
| CVE | CVE-2022-43515 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-12-05 19:15:00 UTC |
|---|
| Updated | 2023-08-22 19:16:00 UTC |
|---|
| Description | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 3538-1] zabbix security update |
MLIST |
lists.debian.org |
|
| [ZBX-22050] X-Forwarded-For header is active by default causes access to zabbix sites in maintenance mode (CVE-2022-43515) - ZABBIX SUPPORT |
MISC |
support.zabbix.com |
|
| Log in - ZABBIX SUPPORT |
MISC |
support.zabbix.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: osman1337
Legacy QID Mappings
- 6000015 Debian Security Update for zabbix (DLA 3538-1)
- 753005 SUSE Enterprise Linux Security Update for zabbix (SUSE-SU-2022:4477-1)
