Lucene search

GitHub Advisory DatabaseGHSA-25GV-WG6F-6FRP

HistorySep 27, 2022 - 12:00 a.m.

Centreon SQL Injection vulnerability via esc_name parameter

2022-09-2700:00:20

CWE-89

GitHub Advisory Database

github.com

centreon

sql injection

vulnerability

esc_name parameter

configuration

notifications

escalations

patches

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.9%

JSON

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Versions 21.04.16, 21.10.8, and 22.04.2 contain patches.

Affected configurations

Vulners

Node

centreoncentreonRange<22.04.1

centreoncentreonRange<21.10.8

centreoncentreonRange<21.04.16

CPENameOperatorVersion
centreon/centreonlt22.04.1
centreon/centreonlt21.10.8
centreon/centreonlt21.04.16

Name	Operator	Version
centreon/centreon	lt	22.04.1
centreon/centreon	lt	21.10.8
centreon/centreon	lt	21.04.16

References

github.com/advisories/GHSA-25gv-wg6f-6frp

github.com/centreon/centreon/commit/1a6ee0e9a003ac4f07dc8c370aec6e8911279358

github.com/centreon/centreon/commit/76fdfba312515656419a1311a83adfb11a73199f

github.com/centreon/centreon/commit/cee5d3b0b0077182dfced5fb1d216a4ac168c05f

github.com/centreon/centreon/releases

nvd.nist.gov/vuln/detail/CVE-2022-40043

www.hakaioffensivesecurity.com/centreon-sqli-and-xss-vulnerability/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

36.9%

JSON

Related for GHSA-25GV-WG6F-6FRP