GitHub Advisory DatabaseGHSA-H5QV-P378-3HHRCentreon Sensitive Data Exposure vulnerability
3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
25.2%
Centreon before 19.10.7 exposes Session IDs in server responses.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| centreon/centreon | lt | 2.8.32 | |
| centreon/centreon | lt | 18.10.11 | |
| centreon/centreon | lt | 19.04.10 | |
| centreon/centreon | lt | 19.10.7 |
References
github.com/advisories/GHSA-h5qv-p378-3hhr
github.com/centreon/centreon-archived/commit/02a3248602ce194fbb098af34be4652565db2468
github.com/centreon/centreon-archived/commit/1c14a8ee07225836bdd2ca480e47a63070a11bb9
github.com/centreon/centreon-archived/commit/afa0ee6d43d22860ae435163559912696569fc2f
github.com/centreon/centreon-archived/commit/fbee38536960eecaf52eda2bf31b90859c018b66
github.com/centreon/centreon-archived/pull/8291
nvd.nist.gov/vuln/detail/CVE-2020-10945
web.archive.org/web/20200625084841/https://sysdream.com/news/lab/2020-05-13-cve-2020-10945-centreon-session-id-exposure/
Related
3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
25.2%