Lucene search
Veracode Vulnerability DatabaseVERACODE:36590HistoryAug 03, 2022 - 6:52 p.m.
Privilege Escalation
2022-08-0318:52:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
privilege escalation
centreon
sql injection
EPSS
0.007
Percentile
81.1%
Centreon is vulnerable to Privilege Escalation. The vulnerability lies in the configuration of poller resources, where user-supplies strings are not properly validated before being used to construct SQL queries. An authenticated attacker can exploit this vulnerability to escalate privileges to an administrator.
References
docs.centreon.com/docs/21.10/releases/centreon-core/
github.com/centreon/centreon/commit/2d7f69a9a050e86a29d377ca9a95d77dd885369d
github.com/centreon/centreon/commit/51ca164a620e2eb697854fe006fc70705d6f6a55
github.com/centreon/centreon/commit/ae3f331bb39726a690136b5680bf7af1f379d78d
github.com/centreon/centreon/pull/11213
www.zerodayinitiative.com/advisories/ZDI-22-953/
Related
nvd
nvd
CVE-2022-34871
2022-08-03 16:15:08
cvelist
cvelist
CVE-2022-34871
2022-08-03 15:21:13
zdi
zdi
Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability
2022-07-07 00:00:00
prion
prion
Design/Logic Flaw
2022-08-03 16:15:00
osv
osv
CVE-2022-34871
2022-08-03 16:15:08
cve
cve
CVE-2022-34871
2022-08-03 16:15:08