Lucene search

Veracode Vulnerability DatabaseVERACODE:46267

HistoryApr 08, 2024 - 6:14 a.m.

SQL Injection

2024-04-0806:14:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

centreon

sql injection

vulnerability

user-supplied strings

sql queries

service account

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Centreon is vulnerable to SQL Injection. The vulnerability is due to improper validation of user-supplied strings before using them to construct SQL queries, specifically within the updateDirectory function. An attacker can leverage this vulnerability to execute code in the context of the service account.

CPENameOperatorVersion
centreon/centreonle22.10.2
centreon/centreonle22.10.2

CPE	Name	Operator	Version
	centreon/centreon	le	22.10.2
	centreon/centreon	le	22.10.2

References

github.com/advisories/GHSA-22v7-v3mj-pm8r

github.com/centreon/centreon/commit/530d1ae6093a07cd14f2a0126a02b29b32d8e9f3

github.com/centreon/centreon/pull/2934

www.zerodayinitiative.com/advisories/ZDI-24-118/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for VERACODE:46267