{"containers":{"cna":{"affected":[{"product":"Proxy, Server","vendor":"Zabbix","versions":[{"status":"affected","version":"4.0.0 - 4.0.36"},{"status":"affected","version":"5.0.0 – 5.0.18"},{"status":"affected","version":"5.4.0 – 5.4.8"},{"lessThan":"5.0.19*","status":"unaffected","version":"5.0.19","versionType":"custom"},{"lessThan":"5.4.9*","status":"unaffected","version":"5.4.9","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Zabbix wants to thank Brian J. Murrell for reporting this issue to us"}],"datePublic":"2021-12-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-01-23T03:06:29.000Z","orgId":"72de3e22-0555-4a0d-ae81-9249e0f0a1e8","shortName":"Zabbix"},"references":[{"tags":["x_refsource_MISC"],"url":"https://support.zabbix.com/browse/ZBX-20341"},{"name":"FEDORA-2022-dfe346f53f","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"},{"name":"FEDORA-2022-1a667b0f90","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}],"solutions":[{"lang":"en","value":"To remediate this vulnerability, apply the updates."}],"source":{"discovery":"EXTERNAL"},"title":"Incorrect permissions of [/var/run/zabbix] forces dac_override","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@zabbix.com","DATE_PUBLIC":"2021-12-01T16:09:00.000Z","ID":"CVE-2022-23132","STATE":"PUBLIC","TITLE":"Incorrect permissions of [/var/run/zabbix] forces dac_override"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Proxy, Server","version":{"version_data":[{"version_affected":"=","version_name":"4.0.0 - 4.0.36","version_value":"4.0.0 - 4.0.36"},{"version_affected":"=","version_name":"5.0.0 – 5.0.18","version_value":"5.0.0 – 5.0.18"},{"version_affected":"=","version_name":"5.4.0 – 5.4.8","version_value":"5.4.0 – 5.4.8"},{"version_affected":"!>=","version_name":"5.0.19","version_value":"5.0.19"},{"version_affected":"!>=","version_name":"5.4.9","version_value":"5.4.9"}]}}]},"vendor_name":"Zabbix"}]}},"credit":[{"lang":"eng","value":"Zabbix wants to thank Brian J. Murrell for reporting this issue to us"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level"}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284 Improper Access Control"}]}]},"references":{"reference_data":[{"name":"https://support.zabbix.com/browse/ZBX-20341","refsource":"MISC","url":"https://support.zabbix.com/browse/ZBX-20341"},{"name":"FEDORA-2022-dfe346f53f","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"},{"name":"FEDORA-2022-1a667b0f90","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"}]},"solution":[{"lang":"en","value":"To remediate this vulnerability, apply the updates."}],"source":{"discovery":"EXTERNAL"}}},"adp":[{"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://support.zabbix.com/browse/ZBX-20341"},{"name":"FEDORA-2022-dfe346f53f","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/"},{"name":"FEDORA-2022-1a667b0f90","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/"},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:45:50.064Z"}}]},"cveMetadata":{"assignerOrgId":"72de3e22-0555-4a0d-ae81-9249e0f0a1e8","assignerShortName":"Zabbix","cveId":"CVE-2022-23132","datePublished":"2022-01-13T15:50:40.425Z","dateReserved":"2022-01-11T00:00:00.000Z","dateUpdated":"2025-11-03T21:45:50.064Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"}