Publication date: March 12, 2025
Components: centreon-web and all modules.
Feature: All legacy pages
Description: Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Upgrade to either version 3.1.48.1
Reference: CVE-2024-55573
CVSS: 7.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Severity: HIGH
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central, Centreon Map and Centreon MBI servers:
These versions include cumulative fixes from prior updates.
Centreon 24.10.x and 24.04.x versions are not impacted, they are using 3.1.39 version.
Submission: Feb 07, 2025
Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.