Lucene search

[email protected]NVD:CVE-2021-26804

HistoryMay 04, 2021 - 5:15 p.m.

CVE-2021-26804

2021-05-0417:15:07

CWE-276

[email protected]

web.nvd.nist.gov

insecure permissions

centreon web

remote attackers

validation bypass

file extension

administration

parameters

images

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

39.8%

JSON

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to “.gif”, then uploading it in the “Administration/ Parameters/ Images” section of the application.

Affected configurations

Nvd

Node

centreoncentreon_webMatch19.10.18

centreoncentreon_webMatch20.04.8

centreoncentreon_webMatch20.10.2

References

medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

39.8%

JSON

Related for NVD:CVE-2021-26804

cvelist1 prion1 cve1 rapid7blog1