CVE-2022-23134 LOW

CVE-2022-23134: Possible view of the setup pages by unauthenticated users if config file already exists

Vendor Zabbix

Product Frontend

Weakness CWE-284

KEV Status Known Exploited

Published January 13, 2022

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

January 13, 2022 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-23134 CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2022-23134

Related vulnerabilities

CVE-2022-23134: Possible view of the setup pages by unauthenticated users if config file already exists

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE