GitHub Advisory DatabaseGHSA-7RG4-266C-JQW6Predictable CSRF tokens in centreon/centreon
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
32.6%
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| centreon/centreon | lt | 2.8.37 | |
| centreon/centreon | lt | 19.10.23 | |
| centreon/centreon | lt | 20.04.13 | |
| centreon/centreon | lt | 20.10.7 |
References
github.com/advisories/GHSA-7rg4-266c-jqw6
github.com/centreon/centreon/commit/0261d4b250135eb513fdb7d52ba6fdeb19c6863f
github.com/centreon/centreon/commit/626d3fb91cef402df0ebda5a8165d8f45da67c7a
github.com/centreon/centreon/pull/9612
github.com/centreon/centreon/releases/tag/19.10.23
github.com/centreon/centreon/releases/tag/2.8.37
nvd.nist.gov/vuln/detail/CVE-2021-28055
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
32.6%