Lucene search

GitHub Advisory DatabaseGHSA-25GV-WG6F-6FRP

HistorySep 27, 2022 - 12:00 a.m.

Centreon SQL Injection vulnerability via esc_name parameter

2022-09-2700:00:20

CWE-89

GitHub Advisory Database

github.com

centreon

sql injection

vulnerability

esc_name parameter

configuration

notifications

escalations

patches

software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.7%

JSON

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Versions 21.04.16, 21.10.8, and 22.04.2 contain patches.

Affected configurations

Vulners

Node

centreoncentreonRange22.0.0–22.04.1

centreoncentreonRange21.10.0–21.10.8

centreoncentreonRange<21.04.16

VendorProductVersionCPE
centreoncentreon*cpe:2.3:a:centreon:centreon:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
centreon	centreon	*	cpe:2.3:a:centreon:centreon::::::::

References

github.com/advisories/GHSA-25gv-wg6f-6frp

github.com/centreon/centreon/commit/1a6ee0e9a003ac4f07dc8c370aec6e8911279358

github.com/centreon/centreon/commit/76fdfba312515656419a1311a83adfb11a73199f

github.com/centreon/centreon/commit/cee5d3b0b0077182dfced5fb1d216a4ac168c05f

github.com/centreon/centreon/releases

nvd.nist.gov/vuln/detail/CVE-2022-40043

www.hakaioffensivesecurity.com/centreon-sqli-and-xss-vulnerability/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.7%

JSON

Related for GHSA-25GV-WG6F-6FRP