After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Zabbix | Zabbix | 5.4.0 (including) | 5.4.8 (including) |
Zabbix | Zabbix | 6.0.0-alpha1 (including) | 6.0.0-alpha1 (including) |
Zabbix | Zabbix | 6.0.0-alpha2 (including) | 6.0.0-alpha2 (including) |
Zabbix | Zabbix | 6.0.0-alpha3 (including) | 6.0.0-alpha3 (including) |
Zabbix | Zabbix | 6.0.0-alpha4 (including) | 6.0.0-alpha4 (including) |
Zabbix | Zabbix | 6.0.0-alpha5 (including) | 6.0.0-alpha5 (including) |
Zabbix | Zabbix | 6.0.0-alpha6 (including) | 6.0.0-alpha6 (including) |
Zabbix | Zabbix | 6.0.0-alpha7 (including) | 6.0.0-alpha7 (including) |
Zabbix | Zabbix | 6.0.0-beta1 (including) | 6.0.0-beta1 (including) |