Publication date: November 22, 2024
Component: centreon-open-tickets (on central server).
Feature: Open Tickets into ITSM tool from Centreon
Description: SQLi in the form to create a ticket, only accessible to authenticated users with high privilege access.
Reference: CVE-2024-45756
CVSS: 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:
- Centreon Open Tickets 24.10.0
- Centreon Open Tickets 24.04.2
- Centreon Open Tickets 23.10.1
- Centreon Open Tickets 23.04.4
- Centreon Open Tickets 22.10.4
These versions include cumulative fixes from prior updates.
Important note: to ensure you do not lose any customization that might have been done to your OpenTicket provider, please make sure to:
- Take a backup of these folders: /usr/share/centreon/www/modules/centreon-open-tickets and /usr/share/centreon/www/widgets/open-tickets
- Apply the patch
- Copy the backed up register.php file(s) to /usr/share/centreon/www/modules/centreon-open-tickets/providers/
Please contact your Customer Success Manager or Technical Support if you need additional instructions before you apply the patch.
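The backup and restore steps above can be scripted as follows. This is an added example, not Centreon tooling; the function names, the archive name and the assumption that the customised register.php sits directly in providers/ are illustrative. The patch itself is applied between the two calls.

```shell
#!/bin/sh
# Added example, not Centreon's own tooling. The two folders are the ones
# named in the bulletin, written relative to a root so the functions can be
# tried on a scratch copy first.
# Assumption: the customised file is providers/register.php in the module folder.
MOD=usr/share/centreon/www/modules/centreon-open-tickets
WID=usr/share/centreon/www/widgets/open-tickets

# backup_open_tickets ROOT DEST: run before applying the patch.
backup_open_tickets() {
    root=$1; dest=$2
    mkdir -p "$dest" || return 1
    archive="$dest/open-tickets-backup.tar.gz"
    # -p keeps permissions; -C stores paths relative to ROOT.
    tar -C "$root" -czpf "$archive" "$MOD" "$WID" || return 1
    # Refuse to continue with an archive that cannot be read back.
    tar -tzf "$archive" >/dev/null || return 1
    echo "$archive"
}

# restore_register ARCHIVE ROOT: run after the patch has been applied.
# Prints "unchanged" if the patched file already matches the backup,
# otherwise copies the backed-up register.php back and prints "restored".
restore_register() {
    archive=$1; root=$2
    tmp=$(mktemp -d) || return 1
    tar -C "$tmp" -xzpf "$archive" "$MOD/providers/register.php" \
        || { rm -rf "$tmp"; return 1; }
    src="$tmp/$MOD/providers/register.php"
    dst="$root/$MOD/providers/register.php"
    if cmp -s "$src" "$dst"; then
        echo "unchanged"
    else
        cp -p "$src" "$dst" || { rm -rf "$tmp"; return 1; }
        echo "restored"
    fi
    rm -rf "$tmp"
}

# Usage on the central server (as root):
#   sh script.sh backup /var/backups/open-tickets
#   ... apply the patch ...
#   sh script.sh restore /var/backups/open-tickets/open-tickets-backup.tar.gz
case "${1:-}" in
    backup)  backup_open_tickets / "${2:?backup directory required}" ;;
    restore) restore_register "${2:?archive path required}" / ;;
esac
```

Keep the backup directory outside the web root so the archive is not served by the web server.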
Reporter: Matthew Taylor, Ludovic Tavernier and Rémi Millerand from Algosecure
Submission: Aug 30, 2024