Main Vulnerability Database SB2020030409

SB2020030409 - Improper Authentication in Centreon

Published: March 4, 2020

Security Bulletin ID SB2020030409

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2019-15299)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when a user changes his password on his profile page, the "contact_autologin_key" field in the database becomes blank when it should be NULL. A remote authenticated attacker can bypass authentication process and gain unauthorized access to the application.

Remediation

Install update from vendor's website.

References

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html
https://github.com/centreon/centreon/pull/8072
https://snyk.io/vuln/SNYK-PHP-CENTREONCENTREON-551996