Vulnerabilities related to centreon - centreon_web
Vulnerability from fkie_nvd
Published
2018-06-25 18:29
Modified
2024-11-21 03:43
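Severity: 5.4 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, nvd@nist.gov, Primary); CVSS v2: 3.5 LOW (AV:N/AC:M/Au:S/C:N/I:P/A:N)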
Summary
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html | Vendor Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/6259 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/6260 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/6259 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/6260 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/releases | Release Notes, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon | 3.4.6 | |
centreon | centreon_web | 2.8.23 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "9ED0368F-E002-4195-9A58-4DA58FAC01D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:2.8.23:*:*:*:*:*:*:*", "matchCriteriaId": "64434EDB-4A66-4C34-BDDF-9CC7B6CA9CCA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php." }, { "lang": "es", "value": "Centreon 3.4.6 incluyendo Centreon Web 2.8.23 es vulnerable a que un usuario autenticado inyecte una carga \u00fatil en la descripci\u00f3n del nombre de usuario o del comando, lo que resulta en Cross-Site Scripting (XSS) persistente. Esto est\u00e1 relacionado con www/include/core/menu/menu.php y www/include/configuration/configObject/command/formArguments.php." 
} ], "id": "CVE-2018-11588", "lastModified": "2024-11-21T03:43:40.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-25T18:29:00.253", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6259" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6260" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/releases" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-05-03 03:16
Modified
2024-11-25 14:09
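Severity: 9.6 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, nvd@nist.gov, Primary); 7.5 HIGH (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, zdi-disclosures@trendmicro.com, Secondary)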
Summary
Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability.
The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731.
References
▼ | URL | Tags | |
---|---|---|---|
zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-416/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-24-416/ | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * | |
centreon | centreon_web | * | |
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "C08CB191-D339-44C2-9D91-491CC34F56F6", "versionEndExcluding": "22.10.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1EBA182-3544-46ED-9701-05445772A90C", "versionEndExcluding": "23.04.10", "versionStartIncluding": "23.04.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "032CBBEF-3B55-42C3-B3B1-0DEE7B209E78", "versionEndExcluding": "23.10.1", "versionStartIncluding": "23.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Cross-Site Scripting en Centreon sysName. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Centreon. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el procesamiento del OID sysName en SNMP. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede llevar a la inyecci\u00f3n de un script arbitrario. 
Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la cuenta de servicio. Era ZDI-CAN-20731." } ], "id": "CVE-2023-51633", "lastModified": "2024-11-25T14:09:45.733", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-05-03T03:16:26.440", "references": [ { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-416/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-416/" } ], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-21 17:15
Modified
2024-11-26 02:16
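Severity: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, nvd@nist.gov, Primary); 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, zdi-disclosures@trendmicro.com, Secondary)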
Summary
Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateServiceHost function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-23294.
References
▼ | URL | Tags | |
---|---|---|---|
zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-595/ | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * | |
centreon | centreon_web | * | |
centreon | centreon_web | * | |
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "26A7A190-9CD9-4718-8BA5-7C2C2FCEB163", "versionEndExcluding": "22.04.24", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "12C8F856-4468-4133-89E9-7742EEC91710", "versionEndExcluding": "22.10.22", "versionStartIncluding": "22.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB7BAC5E-438D-4F42-9266-725533233C67", "versionEndExcluding": "23.04.18", "versionStartIncluding": "23.04.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B3A006B-15BA-46B5-A822-B5817817C411", "versionEndExcluding": "23.10.12", "versionStartIncluding": "23.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateServiceHost function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-23294." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de inyecci\u00f3n SQL de Centreon updateServiceHost. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Centreon. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funci\u00f3n updateServiceHost. 
El problema se debe a la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario de Apache. Era ZDI-CAN-23294." } ], "id": "CVE-2024-5723", "lastModified": "2024-11-26T02:16:48.200", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-21T17:15:08.413", "references": [ { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-595/" } ], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "zdi-disclosures@trendmicro.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-24 13:15
Modified
2024-11-21 04:28
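Severity: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, nvd@nist.gov, Primary); CVSS v2: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)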
Summary
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html | Release Notes, Vendor Advisory | |
cve@mitre.org | https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/8072 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/8072 | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "86FACB82-2718-419C-8128-2AE90186A274", "versionEndIncluding": "19.04.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Centreon Web versiones hasta 19.04.3. Cuando un usuario cambia su contrase\u00f1a sobre su p\u00e1gina de perfil, el campo contact_autologin_key en la base de datos pasa a blanco cuando deber\u00eda ser NULL. Esto hace posible una omisi\u00f3n de autenticaci\u00f3n parcialmente." } ], "id": "CVE-2019-15299", "lastModified": "2024-11-21T04:28:24.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, 
"impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-24T13:15:11.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8072" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:31
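Severity: 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, nvd@nist.gov, Primary); CVSS v2: 4.0 MEDIUM (AV:N/AC:L/Au:S/C:P/I:N/A:N)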
Summary
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/issues/7098 | Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/issues/7098 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "21BF64FC-E372-4F0D-9CC5-38708099BB2B", "versionEndIncluding": "2.8.29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Centreon Web through 2.8.29, disclosure of external components\u0027 passwords allows authenticated attackers to move laterally to external components." }, { "lang": "es", "value": "En Centreon Web versiones hasta 2.8.29, la divulgaci\u00f3n de las contrase\u00f1as de los componentes externos permite a atacantes autenticados moverse lateralmente en los componentes externos." } ], "id": "CVE-2019-17106", "lastModified": "2024-11-21T04:31:42.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T13:15:15.690", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/issues/7098" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/issues/7098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-04 17:15
Modified
2024-11-21 05:56
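Severity: 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, nvd@nist.gov, Primary); CVSS v2: 4.0 MEDIUM (AV:N/AC:L/Au:S/C:N/I:P/A:N)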
Summary
Insecure permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allow remote attackers to bypass validation by changing the extension of any file to ".gif" and then uploading the file in the "Administration/ Parameters/ Images" section of the application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | 19.10.18 | |
centreon | centreon_web | 20.04.8 | |
centreon | centreon_web | 20.10.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:19.10.18:*:*:*:*:*:*:*", "matchCriteriaId": "A5C8D069-02D8-4FF2-9F42-B665EF576040", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:20.04.8:*:*:*:*:*:*:*", "matchCriteriaId": "21174697-5045-44A8-935E-D80C3ABE0E48", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:20.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "FA252808-DB35-4D56-AACF-EEB2C76BDB01", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to \".gif\", then uploading it in the \"Administration/ Parameters/ Images\" section of the application." }, { "lang": "es", "value": "Los permisos no seguros en Centreon Web versiones 19.10.18, 20.04.8 y 20.10.2, permiten a atacantes remotos omitir la comprobaci\u00f3n al cambiar cualquier extensi\u00f3n de archivo a \".gif\" y luego carg\u00e1ndola en la secci\u00f3n de la aplicaci\u00f3n \"Administration/ Parameters/ Images\"" } ], "id": "CVE-2021-26804", "lastModified": "2024-11-21T05:56:50.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": 
"MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-04T17:15:07.627", "references": [ { "source": "cve@mitre.org", "url": "https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:02
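Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, nvd@nist.gov, Primary); CVSS v2: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N)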
Summary
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass the authentication mechanisms in place.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7084 | Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7084 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC97D0D6-9DE6-4E07-85F8-F63FEE341473", "versionEndExcluding": "2.8.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place." }, { "lang": "es", "value": "En casos muy raros, una vulnerabilidad de tipo juggling de PHP en el archivo centreonAuth.class.php en Centreon Web versiones anteriores a 2.8.27, permite a atacantes omitir los mecanismos de autenticaci\u00f3n establecidos." } ], "id": "CVE-2018-21020", "lastModified": "2024-11-21T04:02:42.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T13:15:13.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing 
List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7084" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:02
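Severity: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, nvd@nist.gov, Primary); CVSS v2: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)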
Summary
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7087 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7087 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * (before 2.8.28) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "329C3E55-4109-420E-B83D-2A995C0C7728", "versionEndExcluding": "2.8.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter." }, { "lang": "es", "value": "El archivo makeXML_ListServices.php en Centreon Web versiones anteriores a 2.8.28, permite a atacantes realizar inyecciones SQL por medio del par\u00e1metro host_id." } ], "id": "CVE-2018-21022", "lastModified": "2024-11-21T04:02:42.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T13:15:13.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { 
"source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7087" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-21 18:15
Modified
2024-11-21 04:30
Severity ?
Summary
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
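centreon | centreon_web | * (before 2.8.30) | |
centreon | centreon_web | * (from 18.10.0, before 18.10.8) | |
centreon | centreon_web | * (from 19.04.0, before 19.04.5) | |
centreon | centreon_web | * (from 19.10.0, before 19.10.2) |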
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "520548BA-DB41-4451-A8AF-5FBD26BC681A", "versionEndExcluding": "2.8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2BACAD9-E250-471E-95AC-C2BDC88C6251", "versionEndExcluding": "18.10.8", "versionStartIncluding": "18.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4F95794-5463-4FD2-BFD4-083B10326460", "versionEndExcluding": "19.04.5", "versionStartIncluding": "19.04.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "74D8CBF6-AC59-4667-8243-C62C3A5FB2F4", "versionEndExcluding": "19.10.2", "versionStartIncluding": "19.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same." }, { "lang": "es", "value": "Centreon Web anterior a la versi\u00f3n 2.8.30, 18.10.x anterior a la versi\u00f3n 18.10.8, 19.04.x anterior a la versi\u00f3n 19.04.5 y 19.10.x anterior a la versi\u00f3n 19.10.2 permite la ejecuci\u00f3n remota de c\u00f3digo por parte de un administrador que puede modificar la configuraci\u00f3n de ubicaci\u00f3n de Macro Expression. CVE-2019-16405 y CVE-2019-17501 son similares entre s\u00ed y pueden ser iguales." 
} ], "id": "CVE-2019-16405", "lastModified": "2024-11-21T04:30:38.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-21T18:15:11.103", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/TheCyberGeek/CVE-2019-16405.rb" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7864" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7884" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/TheCyberGeek/CVE-2019-16405.rb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:31
Severity ?
Summary
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7101 | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7101 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * (from 2.8, before 2.8.28) | |
centreon | centreon_web | * (from 18.10.0, before 18.10.5) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "C78CEA10-239D-478C-BE4C-125A161926D6", "versionEndExcluding": "2.8.28", "versionStartIncluding": "2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BE4BAB3-6933-4E24-AFE6-F0A7BE93C538", "versionEndExcluding": "18.10.5", "versionStartIncluding": "18.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user." }, { "lang": "es", "value": "La inclusi\u00f3n de archivos locales en el archivo brokerPerformance.php en Centreon Web versiones anteriores a 2.8.28, permite a atacantes revelar informaci\u00f3n o realizar un ataque de tipo XSS almacenado sobre un usuario." } ], "id": "CVE-2019-17108", "lastModified": "2024-11-21T04:31:42.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T13:15:15.830", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7101" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-25 18:29
Modified
2024-11-21 03:43
Severity ?
Summary
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon | 3.4.6 | |
centreon | centreon_web | 2.8.23 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "9ED0368F-E002-4195-9A58-4DA58FAC01D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:2.8.23:*:*:*:*:*:*:*", "matchCriteriaId": "64434EDB-4A66-4C34-BDDF-9CC7B6CA9CCA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Centreon 3.4.6, incluyendo Centreon Web 2.8.23, permiten ataques mediante el par\u00e1metro searchU en viewLogs.php, el par\u00e1metro id en GetXmlHost.php, el par\u00e1metro chartId en ExportCSVServiceData.php, el par\u00e1metro searchCurve en listComponentTemplates.php o el par\u00e1metro host_id en makeXML_ListMetrics.php." 
} ], "id": "CVE-2018-11589", "lastModified": "2024-11-21T03:43:40.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-25T18:29:00.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6250" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6251" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6255" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6256" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], 
"url": "https://github.com/centreon/centreon/pull/6257" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/releases" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-27 14:15
Modified
2024-11-21 04:28
Severity ?
Summary
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * (from 2.8.1, before 2.8.30) | |
centreon | centreon_web | * (from 19.04.0, before 19.04.5) | |
centreon | centreon_web | * (from 19.10.0, before 19.10.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3C5FCB6-6FA6-4C9D-A5B2-118313A53E74", "versionEndExcluding": "2.8.30", "versionStartIncluding": "2.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4F95794-5463-4FD2-BFD4-083B10326460", "versionEndExcluding": "19.04.5", "versionStartIncluding": "19.04.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "74D8CBF6-AC59-4667-8243-C62C3A5FB2F4", "versionEndExcluding": "19.10.2", "versionStartIncluding": "19.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query." }, { "lang": "es", "value": "Se encontr\u00f3 un problema en Centreon Web versiones hasta la versi\u00f3n 19.04.3. Una inyecci\u00f3n SQL autenticada est\u00e1 presente en la p\u00e1gina include/Administration/parameters/ldap/xml/ldap_host.php. El par\u00e1metro arId no es filtrado apropiadamente antes de pasarlo a la consulta SQL." 
} ], "id": "CVE-2019-15300", "lastModified": "2024-11-21T04:28:24.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-27T14:15:11.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8008" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8009" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" 
], "url": "https://www.certilience.fr/2019/08/CVE-2019-15300-vulnerabilit%C3%A9-centreon-sql-injection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.certilience.fr/2019/08/CVE-2019-15300-vulnerabilit%C3%A9-centreon-sql-injection" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:31
Severity ?
Summary
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7099 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7099 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * (from 2.8, before 2.8.27) | |
centreon | centreon_web | * (from 18.10.0, before 18.10.4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "F403B496-F145-4109-AC14-4482CDCBF8DF", "versionEndExcluding": "2.8.27", "versionStartIncluding": "2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "4039190B-55B7-4637-8224-8A7F4D3D1EB6", "versionEndExcluding": "18.10.4", "versionStartIncluding": "18.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect." }, { "lang": "es", "value": "El archivo minPlayCommand.php en Centreon Web versiones anteriores a 2.8.27, permite a atacantes autenticados ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro command_hostaddress. NOTA: algunas fuentes han listado el CVE-2019-17017 para esto, pero eso es incorrecto." 
} ], "id": "CVE-2019-17107", "lastModified": "2024-11-21T04:31:42.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T13:15:15.753", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7099" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7099" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-21 18:15
Modified
2024-11-21 04:30
Severity ?
Summary
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | 19.04.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:19.04.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB3F846A-1259-4986-925F-2CAFB55F3227", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron." }, { "lang": "es", "value": "Centreon Web versi\u00f3n 19.04.4, presenta permisos d\u00e9biles dentro de los archivos OVA (tambi\u00e9n se conoce como m\u00e1quina virtual VMware) y OVF (tambi\u00e9n se conoce como m\u00e1quina virtual VirtualBox), permitiendo a atacantes conseguir privilegios por medio de un archivo ejecutable Centreon-autodisco de tipo caballo de Troya que es iniciado por cron." } ], "id": "CVE-2019-16406", "lastModified": "2024-11-21T04:30:39.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, 
"exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-21T18:15:11.180", "references": [ { "source": "cve@mitre.org", "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html" }, { "source": "cve@mitre.org", "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html" }, { "source": "cve@mitre.org", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10" }, { "source": "cve@mitre.org", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8" }, { "source": "cve@mitre.org", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31" }, { "source": "cve@mitre.org", "url": "https://github.com/centreon/centreon/pull/8062" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.centreon.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/centreon/centreon/pull/8062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.centreon.com" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
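getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. Note: the CPE match criteria in this record also mark Centreon Web 18.10.0 up to, but not including, 18.10.5 as vulnerable, so installations on the 18.10 branch need the same version check.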
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7083 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7271 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7083 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7271 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * | |
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "C78CEA10-239D-478C-BE4C-125A161926D6", "versionEndExcluding": "2.8.28", "versionStartIncluding": "2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BE4BAB3-6933-4E24-AFE6-F0A7BE93C538", "versionEndExcluding": "18.10.5", "versionStartIncluding": "18.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter." }, { "lang": "es", "value": "El archivo getStats.php en Centreon Web versiones anteriores a 2.8.28, permite a atacantes autenticados ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro ns_id." } ], "id": "CVE-2018-21023", "lastModified": "2024-11-21T04:02:43.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T13:15:13.470", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7083" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7271" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-27 14:15
Modified
2024-11-21 04:28
Severity ?
Summary
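A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. It implements the MIB management feature, which contains a file upload form. When a file is submitted, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. Note: the CPE match criteria in this record are broader than "through 19.04.3": they mark 2.8.1 up to (excluding) 2.8.30, 18.10.0 up to (excluding) 18.10.8, 19.04.0 up to (excluding) 19.04.5, and 19.10.0 up to (excluding) 19.10.2 as vulnerable, so check the installed version against those ranges rather than the summary alone.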
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * | |
centreon | centreon_web | * | |
centreon | centreon_web | * | |
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3C5FCB6-6FA6-4C9D-A5B2-118313A53E74", "versionEndExcluding": "2.8.30", "versionStartIncluding": "2.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2BACAD9-E250-471E-95AC-C2BDC88C6251", "versionEndExcluding": "18.10.8", "versionStartIncluding": "18.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4F95794-5463-4FD2-BFD4-083B10326460", "versionEndExcluding": "19.04.5", "versionStartIncluding": "19.04.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "74D8CBF6-AC59-4667-8243-C62C3A5FB2F4", "versionEndExcluding": "19.10.2", "versionStartIncluding": "19.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly." }, { "lang": "es", "value": "Se encontr\u00f3 un problema en Centreon Web versiones hasta 19.04.3. Una inyecci\u00f3n de comando autenticada est\u00e1 presente en la p\u00e1gina include/configuration/configObject/traps-mibs/formMibs.php. Esta p\u00e1gina es llamada desde la interfaz de administraci\u00f3n de Centreon. Esta es la funcionalidad de administraci\u00f3n mibs que contiene un formulario de archivo. 
Al momento del env\u00edo de un archivo, el par\u00e1metro mnftr es enviado a la p\u00e1gina y no es filtrado apropiadamente. Esto permite inyectar comandos de Linux directamente." } ], "id": "CVE-2019-15298", "lastModified": "2024-11-21T04:28:24.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-27T14:15:11.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8023" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": 
"https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/8023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 15:15
Modified
2024-11-21 04:31
Severity ?
Summary
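The token generator in index.php in Centreon Web before 2.8.27 is predictable. Note: the CPE match criteria in this record also mark Centreon Web 18.10.0 up to, but not including, 18.10.5 as vulnerable, and the record classifies the weakness as CWE-330.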
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7100 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7100 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * | |
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "F403B496-F145-4109-AC14-4482CDCBF8DF", "versionEndExcluding": "2.8.27", "versionStartIncluding": "2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BE4BAB3-6933-4E24-AFE6-F0A7BE93C538", "versionEndExcluding": "18.10.5", "versionStartIncluding": "18.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The token generator in index.php in Centreon Web before 2.8.27 is predictable." }, { "lang": "es", "value": "El generador de tokens en el archivo index.php en Centreon Web versiones anteriores a 2.8.27 es predecible." } ], "id": "CVE-2019-17105", "lastModified": "2024-11-21T04:31:42.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T15:15:11.333", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7100" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-08 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
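img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. Note: the NVD CVSS vectors in this record (Au:S in v2, PR:L in v3.1) score the issue as requiring an authenticated, low-privileged account.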
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/centreon/centreon/pull/7086 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/09/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/centreon/centreon/pull/7086 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/10/08/1 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC97D0D6-9DE6-4E07-85F8-F63FEE341473", "versionEndExcluding": "2.8.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter." }, { "lang": "es", "value": "El archivo img_gantt.php en Centreon Web versiones anteriores a 2.8.27, permite a atacantes realizar inyecciones SQL por medio del par\u00e1metro host_id." } ], "id": "CVE-2018-21021", "lastModified": "2024-11-21T04:02:42.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-08T13:15:13.347", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7086" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/7086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-08-21 17:15
Modified
2024-11-26 02:18
Severity ?
Summary
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the initCurveList function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-22683.
References
▼ | URL | Tags | |
---|---|---|---|
zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-597/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon_web | * | |
centreon | centreon_web | * | |
centreon | centreon_web | * | |
centreon | centreon_web | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CC41A14-2121-4CAF-9875-764CA1724ED7", "versionEndExcluding": "22.10.23", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D1AC871-9AB8-4D93-B9F2-2E884F249C00", "versionEndExcluding": "23.04.19", "versionStartIncluding": "23.04.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "F04FF72A-5B47-45AD-8B66-81F02956127A", "versionEndExcluding": "23.10.13", "versionStartIncluding": "23.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "512A0A4A-38C5-4EF5-B971-308C56E12E50", "versionEndExcluding": "24.04.3", "versionStartIncluding": "24.04.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the initCurveList function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-22683." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de inyecci\u00f3n SQL de Centreon initCurveList. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Centreon. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funci\u00f3n initCurveList. 
El problema se debe a la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para construir consultas SQL. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario de Apache. Era ZDI-CAN-22683." } ], "id": "CVE-2024-5725", "lastModified": "2024-11-26T02:18:06.927", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-08-21T17:15:08.607", "references": [ { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-597/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744" } ], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "zdi-disclosures@trendmicro.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-25 18:29
Modified
2024-11-21 03:43
Severity ?
Summary
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
centreon | centreon | 3.4.6 | |
centreon | centreon_web | 2.8.23 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:centreon:centreon:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "9ED0368F-E002-4195-9A58-4DA58FAC01D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:centreon:centreon_web:2.8.23:*:*:*:*:*:*:*", "matchCriteriaId": "64434EDB-4A66-4C34-BDDF-9CC7B6CA9CCA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php." }, { "lang": "es", "value": "Hay una ejecuci\u00f3n remota de c\u00f3digo en Centreon 3.4.6, incluyendo Centreon Web 2.8.23 mediante el valor RPN en el formulario Virtual Metric en centreonGraph.class.php." } ], "id": "CVE-2018-11587", "lastModified": "2024-11-21T03:43:40.173", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-25T18:29:00.190", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6263" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/pull/6263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/centreon/centreon/releases" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2018-11587
Vulnerability from cvelistv5
Published
2018-06-25 18:00
Modified
2024-08-05 08:10
Severity ?
EPSS score ?
Summary
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/centreon/centreon/pull/6263 | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/releases | x_refsource_CONFIRM | |
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:10:14.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6263" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/releases" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-25T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6263" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/releases" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ 
{ "lang": "eng", "value": "There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/6263", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6263" }, { "name": "https://github.com/centreon/centreon/releases", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/releases" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11587", "datePublished": "2018-06-25T18:00:00", "dateReserved": "2018-05-31T00:00:00", "dateUpdated": "2024-08-05T08:10:14.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-21021
Vulnerability from cvelistv5
Published
2019-10-08 12:11
Modified
2024-08-05 12:19
Summary
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
References
| URL | Tags |
|---|---|
| https://github.com/centreon/centreon/pull/7086 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7086" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/7086" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21021", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/7086", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/7086" }, { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21021", "datePublished": "2019-10-08T12:11:52", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T12:19:27.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15300
Vulnerability from cvelistv5
Published
2019-11-27 13:23
Modified
2024-08-05 00:42
Summary
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:42:03.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.certilience.fr/2019/08/CVE-2019-15300-vulnerabilit%C3%A9-centreon-sql-injection" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/8008" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/8009" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-27T13:23:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.certilience.fr/2019/08/CVE-2019-15300-vulnerabilit%C3%A9-centreon-sql-injection" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/8008" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/8009" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.certilience.fr/2019/08/CVE-2019-15300-vulnerabilit%C3%A9-centreon-sql-injection", "refsource": "MISC", "url": "https://www.certilience.fr/2019/08/CVE-2019-15300-vulnerabilit%C3%A9-centreon-sql-injection" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "name": "https://github.com/centreon/centreon/pull/8008", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/8008" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "name": "https://github.com/centreon/centreon/pull/8009", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/8009" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15300", "datePublished": "2019-11-27T13:23:56", "dateReserved": "2019-08-21T00:00:00", "dateUpdated": "2024-08-05T00:42:03.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5723
Vulnerability from cvelistv5
Published
2024-08-21 16:14
Modified
2024-08-21 17:27
Severity
8.8 (HIGH) — CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateServiceHost function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-23294.
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-595/ | x_research-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:centreon:centreon:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "centreon", "vendor": "centreon", "versions": [ { "status": "affected", "version": "23.10.8" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-5723", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T17:27:14.334455Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T17:27:57.933Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Centreon", "vendor": "Centreon", "versions": [ { "status": "affected", "version": "23.10.8" } ] } ], "dateAssigned": "2024-06-06T19:22:05.154-05:00", "datePublic": "2024-06-10T16:27:39.315-05:00", "descriptions": [ { "lang": "en", "value": "Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateServiceHost function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-23294." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-21T16:14:43.583Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-595", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-595/" } ], "source": { "lang": "en", "value": "cchav3z" }, "title": "Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2024-5723", "datePublished": "2024-08-21T16:14:43.583Z", "dateReserved": "2024-06-07T00:22:05.126Z", "dateUpdated": "2024-08-21T17:27:57.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17105
Vulnerability from cvelistv5
Published
2019-10-08 14:35
Modified
2024-08-05 01:33
Summary
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
References
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC |
| https://github.com/centreon/centreon/pull/7100 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:33:16.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7100" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The token generator in index.php in Centreon Web before 2.8.27 is predictable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/7100" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17105", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The token generator in index.php in Centreon Web before 2.8.27 is predictable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "https://github.com/centreon/centreon/pull/7100", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/7100" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17105", "datePublished": "2019-10-08T14:35:17", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T01:33:16.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-21022
Vulnerability from cvelistv5
Published
2019-10-08 12:14
Modified
2024-08-05 12:19
Summary
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
References
| URL | Tags |
|---|---|
| https://github.com/centreon/centreon/pull/7087 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7087" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/7087" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21022", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/7087", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/7087" }, { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21022", "datePublished": "2019-10-08T12:14:26", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T12:19:27.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17107
Vulnerability from cvelistv5
Published
2019-10-08 12:24
Modified
2024-08-05 01:33
Summary
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
References
| URL | Tags |
|---|---|
| https://github.com/centreon/centreon/pull/7099 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:33:16.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7099" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/7099" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/7099", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/7099" }, { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17107", "datePublished": "2019-10-08T12:24:04", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T01:33:16.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15299
Vulnerability from cvelistv5
Published
2020-02-24 12:55
Modified
2024-08-05 00:42
Summary
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.
References
| URL | Tags |
|---|---|
| https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html | x_refsource_MISC |
| https://github.com/centreon/centreon/pull/8072 | x_refsource_MISC |
| https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:42:03.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/8072" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-24T12:55:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/8072" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "name": "https://github.com/centreon/centreon/pull/8072", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/8072" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15299", "datePublished": "2020-02-24T12:55:57", "dateReserved": "2019-08-21T00:00:00", "dateUpdated": "2024-08-05T00:42:03.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17108
Vulnerability from cvelistv5
Published
2019-10-08 12:25
Modified
2024-08-05 01:33
Summary
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
References
| URL | Tags |
|---|---|
| https://github.com/centreon/centreon/pull/7101 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:33:17.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7101" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/7101" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/7101", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/7101" }, { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17108", "datePublished": "2019-10-08T12:25:07", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T01:33:17.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17106
Vulnerability from cvelistv5
Published
2019-10-08 12:21
Modified
2024-08-05 01:33
Severity ?
EPSS score ?
Summary
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
References
▼ | URL | Tags |
---|---|---|
https://github.com/centreon/centreon/issues/7098 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:33:16.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/issues/7098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Centreon Web through 2.8.29, disclosure of external components\u0027 passwords allows authenticated attackers to move laterally to external components." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/issues/7098" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Centreon Web through 2.8.29, disclosure of external components\u0027 passwords allows authenticated attackers to move laterally to external components." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/issues/7098", "refsource": "MISC", "url": "https://github.com/centreon/centreon/issues/7098" }, { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17106", "datePublished": "2019-10-08T12:21:04", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T01:33:16.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11588
Vulnerability from cvelistv5
Published
2018-06-25 18:00
Modified
2024-08-05 08:10
Severity ?
EPSS score ?
Summary
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/centreon/centreon/releases | x_refsource_CONFIRM | |
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/pull/6260 | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/pull/6259 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:10:14.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/releases" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6259" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-25T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/releases" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6259" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/releases", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/releases" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" }, { "name": "https://github.com/centreon/centreon/pull/6260", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6260" }, { "name": "https://github.com/centreon/centreon/pull/6259", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6259" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11588", "datePublished": "2018-06-25T18:00:00", "dateReserved": "2018-05-31T00:00:00", "dateUpdated": "2024-08-05T08:10:14.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51633
Vulnerability from cvelistv5
Published
2024-05-03 02:15
Modified
2024-08-02 22:40
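Severity 7.5 (HIGH), CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, as given in the CNA metrics of the record below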
EPSS score ?
Summary
Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability.
The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731.
References
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-416/ | x_research-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:centreon:centreon:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "centreon", "vendor": "centreon", "versions": [ { "status": "affected", "version": "23.04" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-51633", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-03T16:17:10.786569Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:20:38.427Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:40:34.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-24-416", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-416/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Centreon", "vendor": "Centreon", "versions": [ { "status": "affected", "version": "23.04" } ] } ], "dateAssigned": "2023-12-20T16:02:27.465-06:00", "datePublic": "2024-04-29T16:36:33.562-05:00", "descriptions": [ { "lang": "en", "value": "Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T02:15:50.555Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-416", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-416/" } ], "source": { "lang": "en", "value": "Andreas Finstad" }, "title": "Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-51633", "datePublished": "2024-05-03T02:15:50.555Z", "dateReserved": "2023-12-20T21:52:34.963Z", "dateUpdated": "2024-08-02T22:40:34.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-21023
Vulnerability from cvelistv5
Published
2019-10-08 12:17
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
References
▼ | URL | Tags |
---|---|---|
https://github.com/centreon/centreon/pull/7083 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC | |
https://github.com/centreon/centreon/pull/7271 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7083" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7271" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/7083" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/7271" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21023", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/7083", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/7083" }, { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "https://github.com/centreon/centreon/pull/7271", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/7271" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21023", "datePublished": "2019-10-08T12:17:15", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T12:19:27.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15298
Vulnerability from cvelistv5
Published
2019-11-27 13:31
Modified
2024-08-05 00:42
Severity ?
EPSS score ?
Summary
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php, which is called from the Centreon administration interface. This page implements the MIB management feature and contains a file upload form. When a file is submitted, the mnftr parameter is sent to the page and is not filtered properly, which allows Linux commands to be injected directly.
References
▼ | URL | Tags |
---|---|---|
https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection | x_refsource_MISC | |
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html | x_refsource_MISC | |
https://github.com/centreon/centreon/pull/8023 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:42:03.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/8023" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-27T13:31:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/8023" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15298", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection", "refsource": "MISC", "url": "https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "name": "https://github.com/centreon/centreon/pull/8023", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/8023" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15298", "datePublished": "2019-11-27T13:31:56", "dateReserved": "2019-08-21T00:00:00", "dateUpdated": "2024-08-05T00:42:03.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16406
Vulnerability from cvelistv5
Published
2019-11-21 17:36
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:40.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.centreon.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/8062" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-06T19:42:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.centreon.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/8062" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16406", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.centreon.com", "refsource": "MISC", "url": "https://www.centreon.com" }, { "name": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html", "refsource": "MISC", "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "name": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html" }, { "name": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-8" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-10" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31", "refsource": "MISC", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html#centreon-web-2-8-31" }, { "name": "https://github.com/centreon/centreon/pull/8062", "refsource": "MISC", "url": 
"https://github.com/centreon/centreon/pull/8062" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16406", "datePublished": "2019-11-21T17:36:59", "dateReserved": "2019-09-18T00:00:00", "dateUpdated": "2024-08-05T01:17:40.080Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11589
Vulnerability from cvelistv5
Published
2018-06-25 18:00
Modified
2024-08-05 08:10
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/centreon/centreon/pull/6250 | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/pull/6257 | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/pull/6251 | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/pull/6256 | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/releases | x_refsource_CONFIRM | |
https://github.com/centreon/centreon/pull/6255 | x_refsource_CONFIRM | |
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:10:14.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6250" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6251" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/releases" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/6255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-25T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6250" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6251" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/releases" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/6255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/6250", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6250" }, { "name": "https://github.com/centreon/centreon/pull/6257", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6257" }, { "name": "https://github.com/centreon/centreon/pull/6251", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6251" }, { "name": "https://github.com/centreon/centreon/pull/6256", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6256" }, { "name": "https://github.com/centreon/centreon/releases", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/releases" }, { "name": "https://github.com/centreon/centreon/pull/6255", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/6255" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11589", "datePublished": "2018-06-25T18:00:00", "dateReserved": "2018-05-31T00:00:00", "dateUpdated": "2024-08-05T08:10:14.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-21020
Vulnerability from cvelistv5
Published
2019-10-08 12:08
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
References
| URL | Tags |
|---|---|
| https://github.com/centreon/centreon/pull/7084 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2019/10/08/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/09/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7084" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T08:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/centreon/centreon/pull/7084" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/centreon/centreon/pull/7084", "refsource": "MISC", "url": "https://github.com/centreon/centreon/pull/7084" }, { "name": "https://www.openwall.com/lists/oss-security/2019/10/08/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/10/08/1" }, { "name": "[oss-security] 20191009 Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21020", "datePublished": "2019-10-08T12:08:47", "dateReserved": "2019-10-03T00:00:00", "dateUpdated": "2024-08-05T12:19:27.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26804
Vulnerability from cvelistv5
Published
2021-05-04 16:49
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
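References
| URL | Tags |
|---|---|
| https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621 | x_refsource_MISC |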
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:33:41.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to \".gif\", then uploading it in the \"Administration/ Parameters/ Images\" section of the application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-04T16:49:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-26804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to \".gif\", then uploading it in the \"Administration/ Parameters/ Images\" section of the application." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://medium.com/@pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621", "refsource": "MISC", "url": "https://medium.com/@pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26804", "datePublished": "2021-05-04T16:49:02", "dateReserved": "2021-02-05T00:00:00", "dateUpdated": "2024-08-03T20:33:41.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5725
Vulnerability from cvelistv5
Published
2024-08-21 16:14
Modified
2024-08-22 15:48
Severity: 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, from the CNA metrics in the record below)
EPSS score ?
Summary
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
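The specific flaw exists within the initCurveList function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-22683.
The record lists version 23.10.3 as affected and gives the default status of other versions as unknown, so whether a given release is fixed has to be checked against the Centreon security bulletin referenced in the record.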
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-597/ | x_research-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:centreon:centreon:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "centreon", "vendor": "centreon", "versions": [ { "status": "affected", "version": "23.10.3" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-5725", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T17:15:54.500654Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T17:26:26.049Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-22T15:48:16.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Centreon", "vendor": "Centreon", "versions": [ { "status": "affected", "version": "23.10.3" } ] } ], "dateAssigned": "2024-06-06T19:24:06.079-05:00", "datePublic": "2024-06-10T16:27:54.360-05:00", "descriptions": [ { "lang": "en", "value": "Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the initCurveList function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-22683." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-21T16:14:52.027Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-597", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-597/" } ], "source": { "lang": "en", "value": "Anonymous" }, "title": "Centreon initCurveList SQL Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2024-5725", "datePublished": "2024-08-21T16:14:52.027Z", "dateReserved": "2024-06-07T00:24:06.045Z", "dateUpdated": "2024-08-22T15:48:16.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16405
Vulnerability from cvelistv5
Published
2019-11-21 17:35
Modified
2024-08-05 01:17
Severity ?
EPSS score ?
Summary
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
References
| URL | Tags |
|---|---|
| https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html | x_refsource_MISC |
| https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html | x_refsource_MISC |
| https://github.com/TheCyberGeek/CVE-2019-16405.rb | x_refsource_MISC |
| https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html | x_refsource_CONFIRM |
| https://github.com/centreon/centreon/pull/7884 | x_refsource_CONFIRM |
| https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html | x_refsource_CONFIRM |
| https://github.com/centreon/centreon/pull/7864 | x_refsource_CONFIRM |
| https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html | x_refsource_CONFIRM |
| https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:41.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TheCyberGeek/CVE-2019-16405.rb" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7884" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/centreon/centreon/pull/7864" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. 
CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-20T19:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TheCyberGeek/CVE-2019-16405.rb" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/7884" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/centreon/centreon/pull/7864" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16405", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Centreon Web 
before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html", "refsource": "MISC", "url": "https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html" }, { "name": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html", "refsource": "MISC", "url": "https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html" }, { "name": "https://github.com/TheCyberGeek/CVE-2019-16405.rb", "refsource": "MISC", "url": "https://github.com/TheCyberGeek/CVE-2019-16405.rb" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html" }, { "name": "https://github.com/centreon/centreon/pull/7884", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/7884" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html" }, { "name": "https://github.com/centreon/centreon/pull/7864", "refsource": "CONFIRM", "url": "https://github.com/centreon/centreon/pull/7864" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html", "refsource": "CONFIRM", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html" }, { "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html", "refsource": 
"CONFIRM", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" }, { "name": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16405", "datePublished": "2019-11-21T17:35:42", "dateReserved": "2019-09-18T00:00:00", "dateUpdated": "2024-08-05T01:17:41.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }