Security bulletin for Centreon Web

  • September 17, 2024

Laurent
Centreonian

Security fixes in Centreon Web

 

Submission: June 21, 2024

Publication date: September 17, 2024

Severity: HIGH

 

Feature: Edition of contacts / users

Component: centreon-web

Fixes have been provided for all supported versions and it is recommended to update Centreon Web:

These versions include cumulative fixes from prior updates.

 

CVE-2024-39842 - SQLi in contacts form, only accessible to authenticated users with high privilege access.

Reporter: Trend Micro

Impact (CVSS + Path): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description: A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the user massive changes inputs.

Reference: CVE-2024-39842

 

CVE-2024-39843 - SQLi in contacts form, only accessible to authenticated users with high privilege access.

Reporter: Trend Micro

Impact (CVSS + Path): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description: A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the create user form inputs.

Reference: CVE-2024-39843

 

Stay ahead of potential threats by subscribing to the Security Bulletin section. You’ll receive instant notifications whenever a new bulletin is published, ensuring your infrastructure remains secure and up to date.

 
