
Security bulletin for Centreon Web

  • June 27, 2024

lpinsivy
Centreonian

An audit has identified security vulnerabilities in Centreon Web.

Centreon is unaware of situations where these could have been exploited.

If an instance of Centreon Web is exposed on the Internet, these vulnerabilities have a high likelihood of being exploited and a severe impact if exploited, which results in a high risk.

 

CVE registration:   CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, CVE-2024-39841

 

It is therefore highly recommended to apply the provided product updates as early as possible.

 

Who is impacted?

  • All Centreon on-premise platform versions are vulnerable.
  • Centreon Cloud platforms have already been updated.

 

Applying the fix

Fixes have been provided for all supported versions and it is recommended to update Centreon Web:

These versions include cumulative fixes from prior updates.

 

If you are running an unsupported version, it is strongly recommended that you upgrade your platform to 24.04.

6 replies

  • Steward *
  • 5 replies
  • June 27, 2024

Hello Laurent,

 

I could not find any details on the last three CVEs: CVE-2024-33852, CVE-2024-33853, CVE-2024-33854

Only for the first one.

Could you provide any information?

Thanks.

Regards,

Henry


  • Steward *
  • 2 replies
  • June 28, 2024

Is this timeline correct? If yes, it was a poor performance on Centreon's side:
(information from https://www.zerodayinitiative.com/advisories/ZDI-24-596/)

2024-03-07 - Vulnerability reported to vendor

2024-06-10 - Coordinated public release of advisory
→ more than 3 months to fix the issue, no information to the users

2024-06-27 - Security bulletin available
→ again more than 2 weeks to release the security bulletin
 


lpinsivy
Centreonian
  • Author
  • Centreonian
  • 1120 replies
  • July 1, 2024

Hi @HHerrgesell, we contacted the persons who discovered the security issues as well as Mitre. The publication should arrive soon.

Hi @fgoebel, yes, sorry for the delay; other vulnerabilities were present in the same part and we preferred to fix everything before releasing the fix.


  • Steward *
  • 1 reply
  • July 5, 2024

Hello,

We are on version 22.10.21; will we need to upgrade first?

Regards,

 


lpinsivy
Centreonian
  • Author
  • Centreonian
  • 1120 replies
  • July 5, 2024

Hi @christophe you can update to 22.10.23 or upgrade to another major version.


lpinsivy
Centreonian
  • Author
  • Centreonian
  • 1120 replies
  • July 17, 2024

Added missing CVE-2024-39841 ID in the list.