Publication date: November 22, 2024
Component: centreon-web (on central server).
Feature: Monitoring configuration logs
Description: A stored XSS was found in the user configuration contact name field.
Details: A script can be stored in the contact name field to be reflected in the administration logs. These two pages are only accessible to authenticated users with high-privilege access.
Reference: CVE-2024-47863
CVSS: 6.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Severity: MEDIUM
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:
- Centreon Web 24.10.0
- Centreon Web 24.04.8
- Centreon Web 23.10.18
- Centreon Web 23.04.23
- Centreon Web 22.10.26
These versions include cumulative fixes from prior updates.
Reporter: Mounir Aarab from NTT Belgium
Submission: Sep 14, 2024
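To compare installed centreon-web versions with the fixed releases listed under Status, the following check can be used. It is an added example, not Centreon's own tooling; the host names, the sample versions and the package-release suffix are constructed, and a branch that the bulletin does not list is reported as "unknown" rather than guessed.

```python
import re

# Fixed releases from the bulletin, keyed by (major, minor) branch.
FIXED = {
    (24, 10): (24, 10, 0),
    (24, 4): (24, 4, 8),
    (23, 10): (23, 10, 18),
    (23, 4): (23, 4, 23),
    (22, 10): (22, 10, 26),
}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) from '23.10.18' or '24.04.8-1.el9'."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def check(version_text):
    """Classify one installed version against the bulletin's list."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # branch not listed in the bulletin
    return "fixed" if version >= fixed else "update"

def audit(inventory):
    """Return {host: status} for every host not confirmed as fixed."""
    report = {}
    for host, version_text in inventory.items():
        try:
            status = check(version_text)
        except ValueError:
            status = "unparsed"
        if status != "fixed":
            report[host] = status
    return report

# Constructed inventory: host names and versions are sample values.
SAMPLE = {
    "central-a": "24.04.8-1.el9",
    "central-b": "23.10.17",
    "central-c": "21.10.9",
    "central-d": "n/a",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```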