Publication date: January 3rd, 2025
Component: centreon-web (on central server).
Feature: Virtual metrics settings
Description: SQL injection (SQLi) in the form used to create virtual metrics in centreon-web. The form is only accessible to authenticated users with high-privilege access and rights to create a virtual metric.
Reference: CVE-2024-55573
CVSS: 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL
Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:
These versions include cumulative fixes from prior updates.
Reporter: SpawnZii for YesWeHack
Submission: November 25, 2024