After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Created zabbix tracking bugs for this issue:
Affects: fedora-all [bug 2040746]
Created zabbix40 tracking bugs for this issue:
Affects: epel-all [bug 2040747]
Created zabbix50 tracking bugs for this issue:
Affects: epel-all [bug 2040748]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.