Zabbix Security Advisories and CVE database

How to report a security issue?

| CVE/Advisory number | CVSS score | Zabbix severity | Synopsis | Component/s | Affected version/s | Published |
|---|---|---|---|---|---|---|
| CVE-2022-23134 | 3.7 | Low | Possible view of the setup pages by unauthenticated users if config file already exists | Frontend | 5.4.0 - 5.4.8, 6.0.0 - 6.0.0beta1 | 2021 Dec 20 |
| ZBA-2021-12-4 | - | Medium | Possible remote code execution in Zabbix Java Gateway with logback 1.2.7 and prior versions | Java gateway | 2.0-2.X, 3.0-3.X, 4.0.0 - 4.0.36, 5.0.18, 5.4.0 - 5.4.8, 6.0.0alpha1 - 6.0.0beta1 | 2021 Dec 16 |
| CVE-2022-23133 | 6.3 | Medium | Stored XSS in host groups configuration window in Zabbix Frontend | Frontend | 5.0.0 - 5.0.18, 5.4.0 - 5.4.8, 6.0.0alpha1 | 2021 Dec 08 |
| CVE-2022-23132 | 3.3 | Low | Incorrect permissions of [/var/run/zabbix] forces dac_override | Proxy, Server | 4.0.0 - 4.0.36, 5.0.18, 5.4.0 - 5.4.8, 6.0.0alpha1 - 6.0.0alpha7 | 2021 Dec 01 |
| CVE-2022-23131 | 9.1 | Critical | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | Frontend | 5.4.0 - 5.4.8, 6.0.0alpha1 | 2021 Nov 22 |