Lucene search

GitHub Advisory DatabaseGHSA-J224-7QR4-8646

HistoryMay 24, 2022 - 4:58 p.m.

Centreon Does Not Set HTTPOnly Flag

2022-05-2416:58:02

CWE-565

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.

Affected configurations

Vulners

Node

centreoncentreonRange≤19.04.3

CPENameOperatorVersion
centreon/centreonle19.04.3

CPE	Name	Operator	Version
	centreon/centreon	le	19.04.3

References

docs.centreon.com/current/en/administration/secure-platform.html#securing-the-apache-web-server

github.com/advisories/GHSA-j224-7qr4-8646

github.com/centreon/centreon-archived/issues/7097

nvd.nist.gov/vuln/detail/CVE-2019-17104

www.openwall.com/lists/oss-security/2019/10/08/1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for GHSA-J224-7QR4-8646