Lucene search

[email protected]NVD:CVE-2022-46768

HistoryDec 15, 2022 - 7:15 a.m.

CVE-2022-46768

2022-12-1507:15:09

CWE-20

[email protected]

web.nvd.nist.gov

arbitrary file read

zabbix web service

report generation

port 10053

url parameters

file validation

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.2%

JSON

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.

Affected configurations

NVD

Node

zabbixweb_service_report_generationRange6.0.0–6.0.11

zabbixweb_service_report_generationRange6.2.0–6.2.5

zabbixzabbix-agent2Range<6.0.12

zabbixzabbix-agent2Range6.2.0–6.2.6

References

support.zabbix.com/browse/ZBX-22087

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for NVD:CVE-2022-46768

cvelist1 debiancve1 prion1 zdi1 cve1 ubuntucve1