Skip to main content

Publication date: October 10, 2024

Component: centreon-bi-server (on central server).

Feature: Reporting jobs configuration.

 

Description: A SQL injection vulnerability in the listing of configured reporting jobs.

Details : SQLi in configuration pages, only accessible to authenticated users with high privilege access.

 

ReferenceCVE-2024-45754

CVSS:  7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 

SeverityHIGH

 

Status: Fixes have been provided for all supported versions and it is recommended to update Centreon Central server:

These versions include cumulative fixes from prior updates.

 

Reporter: Matthew Taylor, Ludovic Tavernier and Rémi Millerand from Algosecure

Submission: Jul 31, 2024

Be the first to reply!