Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM

From: Guillaume Quéré <guillaume () quere eu>

Date: Wed, 9 Oct 2019 07:53:36 +0200 (CEST)
Hello,

My advisory posted yesterday contains a problematic typo: CVE-2019-17017 should have been written CVE-2019-17107. Sorry 
for the inconvenience it may have caused.

Here is the corrected context:
High impact
===========

CVE-2019-17107: Authenticated RCE in minPlayCommand.php
-------------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7099
Fixed in 2.8.27     (https://github.com/centreon/centreon/pull/7245)
Fixed in 18.10.4    (https://github.com/centreon/centreon/pull/7232)

Original advisory follows.
Guillaume Quéré

Centreon
========
"Centreon is the N°1 Open Source IT Infrastructure Monitoring Solution."

Multiple vulnerabilities were discovered in Centreon-Web in December 2018 and fixed in early 2019 over the course of 
two minor releases on both branches in versions 2.8.27/2.8.28 and 18.10.4/18.10.5.

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.27.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.28.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.4.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.5.html

Additional vulnerabilities were found in Centreon-VM that have not yet been fixed.

High impact
===========

CVE-2019-17017: Authenticated RCE in minPlayCommand.php
-------------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7099
Fixed in 2.8.27     (https://github.com/centreon/centreon/pull/7245)
Fixed in 18.10.4    (https://github.com/centreon/centreon/pull/7232)

CVE-2018-21023: Authenticated RCE in getStats.php
-------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7083
Fixed in 2.8.28     (https://github.com/centreon/centreon/pull/7271)
Fixed in 18.10.5    (https://github.com/centreon/centreon/pull/7195)

CVE-2018-21024: Arbitrary File Upload in licenseUpload.php
----------------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7085
Did not affect branch 2.8.x
Fixed in 18.10.4    (https://github.com/centreon/centreon/pull/7171)

CVE-2018-21021: Authenticated SQL injection in img_gantt.php
------------------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7086
Fixed in 2.8.27     (https://github.com/centreon/centreon/pull/7169)
Fixed in 18.10.4    (https://github.com/centreon/centreon/pull/7086)

CVE-2018-21022: Authenticated SQL injection in makeXML_ListServices.php
-----------------------------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7087
Fixed in 2.8.28     (https://github.com/centreon/centreon/pull/7229)
Fixed in 18.10.4    (https://github.com/centreon/centreon/pull/7229)

CVE-2019-17108: Stored XSS in brokerPerformance.php
---------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7101
Fixed in 2.8.28     (https://github.com/centreon/centreon/pull/7226)
Fixed in 18.10.5    (https://github.com/centreon/centreon/pull/7227)

Medium impact
=============
CVE-2018-21025: Privilege Escalation in Centreon-VM
---------------------------------------------------
Details: https://github.com/centreon/centreon/issues/7082
Not yet fixed.
While checking if this was still possible in centreon-vm-19.04-2 (it is), I found another similar privesc which 
didn't exist at the time:
```
[root@centreon-central ~]# grep centreon_autodisco /etc/cron.d/centreon-auto-disco
30 22 * * * root /usr/share/centreon/www/modules/centreon-autodiscovery-server//cron/centreon_autodisco --config='/etc/centreon/conf.pm' --config-extra='/etc/centreon/centreon_autodisco.pm' --severity=error >> /var/log/centreon/centreon_auto_discovery.log 2>&1
[root@centreon-central ~]# ls -la /usr/share/centreon/www/modules/centreon-autodiscovery-server//cron/centreon_autodisco
-rwxr-xr-x 1 apache apache 4995482 24 avril 13:48 /usr/share/centreon/www/modules/centreon-autodiscovery-server//cron/centreon_autodisco
```

CVE-2019-17104: Unsecured cookies in Centreon-VM
------------------------------------------------
Details: https://github.com/centreon/centreon/issues/7097
Not yet fixed.

CVE-2019-17106: Display of cleartext external passwords in modules
------------------------------------------------------------------
Details: https://github.com/centreon/centreon/issues/7098
Not yet fixed.

Low impact
==========
CVE-2018-21020: Type juggling on authentication in centreonAuth.class.php
-------------------------------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7084
Fixed in 2.8.28     (https://github.com/centreon/centreon/pull/7084)
Fixed in 18.10.5    (https://github.com/centreon/centreon/pull/7219)

CVE-2019-17105: Usage of a predictable generator for a security token in index.php
----------------------------------------------------------------------------------
Details: https://github.com/centreon/centreon/pull/7100
Not fixed in 2.8.x  (https://github.com/centreon/centreon/pull/7224)
Fixed in 18.10.5    (commit 4faf5919f89bd06a5c25152c39ba3f25a4f16a81)

Acknowledgements
================
Thanks to Centreon for their quick and enthusiastic response as well as their commitment to patching.

Guillaume Quéré
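
The condition shown under CVE-2018-21025 (a root cron job whose executable is owned by apache) can be checked for across all cron.d entries. The following audit sketch is an added example, not part of the original advisory or of Centreon's code; the function names are this example's own, and it assumes the executable path contains no quoted spaces.

```python
import os
import re
import stat

ENV_LINE = re.compile(r"^\w+\s*=")  # e.g. MAILTO=root

# Constructed sample; the job line is the one shown in the advisory.
SAMPLE = """\
MAILTO=root
30 22 * * * root /usr/share/centreon/www/modules/centreon-autodiscovery-server//cron/centreon_autodisco --config='/etc/centreon/conf.pm' --config-extra='/etc/centreon/centreon_autodisco.pm' --severity=error >> /var/log/centreon/centreon_auto_discovery.log 2>&1
"""

def cron_jobs(text):
    """Yield (user, executable) for each job line in /etc/cron.d format."""
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        n = 1 if line.startswith("@") else 5  # schedule fields before the user
        fields = line.split(None, n + 1)
        # Assumption: the executable path contains no quoted spaces.
        exe = fields[n + 1].split()[0] if len(fields) == n + 2 else ""
        if exe.startswith("/"):
            yield fields[n], os.path.normpath(exe)

def non_root_writer(st):
    """Return why a non-root account can modify this inode, else None."""
    if st.st_uid != 0:
        return "owned by uid %d" % st.st_uid
    if st.st_mode & stat.S_IWOTH:
        return "world-writable"
    if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
        return "writable by gid %d" % st.st_gid
    return None

def audit(text, stat_fn=os.stat):
    """List (path, reason) for root jobs a non-root account can alter."""
    findings = []
    for path in (p for user, p in cron_jobs(text) if user == "root"):
        while True:  # check the executable, then every parent directory
            try:
                reason = non_root_writer(stat_fn(path))
            except OSError:  # path missing on this host
                reason = None
            if reason:
                findings.append((path, reason))
            if path == "/":
                break
            path = os.path.dirname(path)
    return findings
```

On a live host, pass the contents of each file under /etc/cron.d to `audit()`; any finding means the job's executable or a directory above it should be owned by root and not writable by other accounts.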
