Security fixes in Centreon Web
Submission: June 21, 2024
Publication date: September 17, 2024
Severity: HIGH
Feature: Edition of contacts / users
Component: centreon-web
Fixes have been provided for all supported versions and it is recommended to update Centreon Web:
These versions include cumulative fixes from prior updates.
CVE-2024-39842 - SQLi in contacts form, only accessible to authenticated users with high privilege access.
Reporter: Trend Micro
Impact: (CVSS + Path) 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description: A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the user massive changes inputs.
Reference: CVE-2024-39842
CVE-2024-39843 - SQLi in contacts form, only accessible to authenticated users with high privilege access.
Reporter: Trend Micro
Impact: (CVSS + Path) 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description: A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL commands via the create user form inputs.
Reference: CVE-2024-39843