| Revision Date: | 2022-09-02 | Version: | 1 |
| Title: | CVE-2022-23132 |
| Description: |
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | Mitre CVE-2022-23132
SUSE CVE-2022-23132
|
| Platform(s): | SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
| Definition Synopsis |
| Release Information SUSE OpenStack Cloud 8 is installed
OR SUSE OpenStack Cloud Crowbar 8 is installed
AND zabbix-agent is not affected
|
| Definition Synopsis |
| Release Information
SUSE OpenStack Cloud 9 is installed
OR SUSE OpenStack Cloud Crowbar 9 is installed
AND zabbix-agent is not affected
|
| Definition Synopsis |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
AND zabbix-agent is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
AND zabbix is not affected
OR Package Information
SUSE Linux Enterprise Server 12 SP5 is installed
AND zabbix-agent is not affected
|