Security team alerts on [Centreon] - Critical vulnerabilities on Centreon 22.04

  • 12 October 2022

Badge +6

Hello,

We have upgraded Centreon 21.04 to Centreon 22.04 on our Horprod platform, and we have just been alerted by the security team to several possible security breaches. Here is the list of flaws that security has just shared with us:

 

[Administration] Sanitized and bound media import queries
[CLAPI] Sanitized and bound Centreon hostgroup class queries
[CLAPI] Sanitized and bound Centreon Service class queries
[CLAPI] Sanitized and bound LDAP listing queries
[Configuration] Fixed SQLi in Centreon Broker configuration menu
[Configuration] Fixed SQLi in contact groups form
[Configuration] Sanitized and bound Centreon hostgroups class queries
[Configuration] Sanitized and bound Centreon Notification class queries
[Configuration] Sanitized and bound Knowledge Base host listing queries
[Configuration] Sanitized and bound SNMP Traps groups configuration queries
[Configuration] Sanitized and bound SNMP Traps listing queries
[Configuration] Sanitized and bound service by hostgroups listing queries
[Configuration] Sanitized and bound Host categories listing queries
[Configuration] Sanitized and bound services listing queries
[Core] Sanitized and bound menu topology listing queries
[Install] Sanitized and bound default configuration queries

Do we have to make a new update (22.04.6)? Will it correct all the flaws?

If so, what procedure should I follow?



Badge +2

Hello,

It seems like this list comes from the 22.04.6 release note (see https://docs.centreon.com/docs/releases/centreon-core/#22046).

You can update your platform to the latest 22.04 version (currently 22.04.7) by following this documentation: https://docs.centreon.com/docs/update/update-centreon-platform/

Badge +6

 

Thanks for the feedback.

Indeed, I have just updated Centreon Web from 22.04.5 to 22.04.7, so I notice an instability of the Centreon services (cbd, ).

And I have the following errors:

Best,
