Veracode Vulnerability DatabaseVERACODE:22005Remote Code Execution
0.012 Low
EPSS
Percentile
85.3%
centreon/centreon is vulnerable to remote code execution. An administrator with access to modify the Macro Expression location settings is able to execute arbitrary OS commands on the system through the comments field by changing the Macro Expression value to /.
| CPE | Name | Operator | Version |
|---|---|---|---|
| centreon/centreon | eq | 2.8.30 | |
| centreon/centreon | le | 19.10.1 | |
| centreon/centreon | le | 19.04.4 | |
| centreon/centreon | le | 18.10.7 |
References
packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html
github.com/centreon/centreon/pull/7864
github.com/centreon/centreon/pull/7884
github.com/TheCyberGeek/CVE-2019-16405.rb
thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html
thecybergeek.co.uk/cves/2019/09/19/CVEs.html
Related
