Centreon is vulnerable to Privilege Escalation. The vulnerability lies in the configuration of poller resources, where user-supplies strings are not properly validated before being used to construct SQL queries. An authenticated attacker can exploit this vulnerability to escalate privileges to an administrator.
CPE | Name | Operator | Version |
---|---|---|---|
centreon/centreon | le | 20.10.17 | |
centreon/centreon | le | 20.10.17 |
docs.centreon.com/docs/21.10/releases/centreon-core/
github.com/centreon/centreon/commit/2d7f69a9a050e86a29d377ca9a95d77dd885369d
github.com/centreon/centreon/commit/51ca164a620e2eb697854fe006fc70705d6f6a55
github.com/centreon/centreon/commit/ae3f331bb39726a690136b5680bf7af1f379d78d
github.com/centreon/centreon/pull/11213
www.zerodayinitiative.com/advisories/ZDI-22-953/