As the version uploaded is a new upstrea maintainance version, there a a
few minor new features and behavioural changes with this version. Please
see below for further information.
CVE-2022-23132
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is
in use to access PID files in [/var/run/zabbix] folder. In this case,
Zabbix Proxy or Server processes can bypass file read, write and execute
permissions check on the file system level
CVE-2022-23133
An authenticated user can create a hosts group from the configuration
with XSS payload, which will be available for other users. When XSS is
stored by an authenticated malicious actor and other users try to search
for groups during new host creation, the XSS payload will fire and the
actor can steal session cookies and perform session hijacking to
impersonate users or take over their accounts.
CVE-2022-24349
An authenticated user can create a hosts group from the configuration
Get the latest Linux and open source security news straight to your inbox.