SB2021020911 - Multiple vulnerabilities in Centreon




Published: February 9, 2021

Security Bulletin ID: SB2021020911
Severity: Medium
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 25%, Low: 75%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Stored cross-site scripting (CVE-ID: N/A)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the ACL/Access Groups functionality. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


2) Stored cross-site scripting (CVE-ID: N/A)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the ACL/Actions Access functionality. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Stored cross-site scripting (CVE-ID: N/A)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the ACL/Resources Access functionality. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


4) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the REST API v1 interface. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.


5) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output within the Configuration > Servicegroups feature. A remote user can gain unauthorized access to technical information.


6) Cleartext storage of sensitive information (CVE-ID: N/A)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists within the Configuration/H/HTPL/S/STPL features because the application stores passwords in clear text. An attacker with access to the system can retrieve passwords and use them in further attacks against the application or its users.


7) Authentication Bypass by Capture-replay (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because Centreon uses tokens vulnerable to replay attacks. A remote attacker with the ability to intercept an authentication token can reuse it to authenticate against the application.

The vendor also addressed mandatory token usage.
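
How a server can reject a captured token that is presented a second time, as an added example (not Centreon's code or the vendor's fix). The token layout `nonce.expiry.signature`, the class name `TokenVerifier`, and the 300-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class TokenVerifier:
    """Issues signed, expiring tokens and accepts each one only once."""

    def __init__(self, key, ttl=300, clock=time.time):
        self._key = key        # per-deployment secret signing key
        self._ttl = ttl        # token lifetime in seconds (assumed value)
        self._clock = clock    # injectable so expiry can be tested
        self._redeemed = {}    # nonce -> expiry of tokens already used

    def _sign(self, nonce, expiry_text):
        msg = f"{nonce}.{expiry_text}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self):
        nonce = secrets.token_hex(16)
        expiry_text = str(int(self._clock()) + self._ttl)
        return f"{nonce}.{expiry_text}.{self._sign(nonce, expiry_text)}"

    def verify(self, token):
        """Return 'ok', or the reason the token is rejected."""
        parts = token.split(".")
        if len(parts) != 3:
            return "malformed"
        nonce, expiry_text, sig = parts
        expected = self._sign(nonce, expiry_text)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return "bad-signature"
        expiry = int(expiry_text)  # safe: the signature proves the server wrote it
        now = self._clock()
        if now >= expiry:
            return "expired"
        # Forget redeemed nonces once their tokens could no longer pass the expiry check.
        self._redeemed = {n: e for n, e in self._redeemed.items() if e > now}
        if nonce in self._redeemed:
            return "replayed"   # a captured copy of an already-used token
        self._redeemed[nonce] = expiry
        return "ok"
```

With more than one application node, the redeemed-nonce set has to live in storage shared by all nodes, otherwise a token used on one node is still accepted by another.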


8) Information exposure through externally-generated error message (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application while handling error conditions within the Media feature. A remote attacker can read the PHP warning message about the missing tmp dir and gain knowledge of the system file structure.


Remediation

Install the update from the vendor's website.