CVE-2019-15298

Опубликовано: 27 нояб. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly.

Ссылки

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
Release Notes
Third Party Advisory
https://github.com/centreon/centreon/pull/8023
Third Party Advisory
https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection
Not Applicable
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
Release Notes
Third Party Advisory
https://github.com/centreon/centreon/pull/8023
Third Party Advisory
https://www.certilience.fr/2019/08/CVE-2019-15298-vulnerabilit%C3%A9-centreon-command-injection
Not Applicable

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 2.8.1 (включая) до 2.8.30 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 18.10.0 (включая) до 18.10.8 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 19.04.0 (включая) до 19.04.5 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 19.10.0 (включая) до 19.10.2 (исключая)

EPSS

Процентиль: 92%

0.08911

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-xr82-vj36-ch3w

github

больше 3 лет назад

EPSS

Процентиль: 92%

0.08911

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-78