CVE-2022-46768
Published: 15 December 2022
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
zabbix Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Not vulnerable
(code not present)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Released
(6.4.0beta5)
|
|
| xenial |
Not vulnerable
(code not present)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.9 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |