CVE-2022-43515

Published: Dec 12, 2022

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.

Vendor	Product	Versions
Zabbix	Frontend	affected `4.0.0-4.0.44` affected `5.0.0-5.0.29` affected `6.0.0-6.0.9` affected `6.2.0-6.2.4` unaffected `5.0.30rc1 - < unspecified` +2 more versions

Weaknesses (CWE)

CWE-20

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://support.zabbix.com/browse/ZBX-22050

[debian-lts-announce] 20230822 [SECURITY] [DLA 3538-1] zabbix security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-43515

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References