Lucene search
Veracode Vulnerability DatabaseVERACODE:36602HistoryAug 04, 2022 - 1:32 p.m.
Information Disclosure
2022-08-0413:32:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
centreon
vulnerable
information disclosure
user input validation
db-func.php
authenticated attackers
stored credentials
EPSS
0.004
Percentile
74.5%
centreon/centreon is vulnerable to information disclosure. Lack of proper validation of user supplied strings while processing virtual metrics inDB-Func.php allows authenticated attackers to gain access to confidential user information such as stored credentials.
References
docs.centreon.com/docs/21.10/releases/centreon-core/
github.com/advisories/GHSA-m5m7-39r4-cvhv
github.com/centreon/centreon/commit/46d26427b8323e9295655253f691d0c6689c708d
github.com/centreon/centreon/commit/51e96d8c243389a0ac1934a81ee0418a2dab4c07
github.com/centreon/centreon/commit/5f8771048e19d197b7946272edd59e3feacbd026
github.com/centreon/centreon/commit/cbac7bac48b2fc91649c31209c3d560f883392dd
www.zerodayinitiative.com/advisories/ZDI-22-954/
Related
zdi
zdi
Centreon Virtual Metrics SQL Injection Information Disclosure Vulnerability
2022-07-07 00:00:00
prion
prion
Design/Logic Flaw
2022-08-03 16:15:00
cvelist
cvelist
CVE-2022-34872
2022-08-03 15:21:26
nvd
nvd
CVE-2022-34872
2022-08-03 16:15:08
cve
cve
CVE-2022-34872
2022-08-03 16:15:08
osv
osv
CVE-2022-34872
2022-08-03 16:15:08