Package | zabbix |
---|---|
Version | 1:2.2.23+dfsg-0+deb8u3 |
Related CVEs | CVE-2022-23134 |
Thomas Chauchefoin from SonarSource discovered that in Zabbix, a server/client network monitoring system, some steps of the setup.php file remain reachable after the initial setup process, not only by super-administrators but also by unauthenticated users. An attacker could bypass checks and potentially change the configuration of the Zabbix Frontend.
For Debian 8 jessie, this problem has been fixed in version 1:2.2.23+dfsg-0+deb8u3.
We recommend that you upgrade your zabbix packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.