Description
Predictable CSRF tokens in centreon/centreon
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-28055
- https://github.com/centreon/centreon/pull/9612
- https://github.com/centreon/centreon/commit/0261d4b250135eb513fdb7d52ba6fdeb19c6863f
- https://github.com/centreon/centreon/commit/626d3fb91cef402df0ebda5a8165d8f45da67c7a
- https://github.com/centreon/centreon/releases/tag/19.10.23
- https://github.com/centreon/centreon/releases/tag/2.8.37
Packages
- centreon/centreon (composer): affected versions >= 20.10.0, < 20.10.7; fixed version 20.10.7
- centreon/centreon (composer): affected versions >= 20.04.0, < 20.04.13; fixed version 20.04.13
- centreon/centreon (composer): affected versions >= 19.10.0, < 19.10.23; fixed version 19.10.23
- centreon/centreon (composer): affected versions < 2.8.37; fixed version 2.8.37
Related vulnerabilities
CVSS3: 6.5
nvd
almost 5 years ago
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.