Inefficient permission check in class CControllerAuthenticationUpdate
CVE-2023-32723

8.5HIGH

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 12 October 2023

What is CVE-2023-32723?

A misconfiguration in Zabbix leads to LDAP requests being sent before validating user permissions. This vulnerability exposes the system to potential unauthorized access and manipulation of user data, compromising the overall security framework.

Affected Version(s)

Zabbix 4.0.0 <= 4.0.19rc1

Zabbix 4.4.0 <= 4.4.7rc1

Zabbix 5.0.0alpha1 <= 5.0.0alpha4

References

https://support.zabbix.com/browse/ZBX-23230

https://lists.debian.org/debian-lts-announce/2024/01/msg0...

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2023
Vulnerability Reserved
May 11, 2023

Credit

Zabbix wants to thank Xiaojunjie