First published: Wed Mar 29 2023(Updated: )
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Centreon Centreon | <21.04.19 | |
Centreon Centreon | >=21.10.0<21.10.11 | |
Centreon Centreon | >=22.04.0<22.04.6 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-42426.
The title of the vulnerability is Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability.
The severity of CVE-2022-42426 is high (8.8).
Centreon versions up to 21.04.19, 21.10.0 to 21.10.11, and 22.04.0 to 22.04.6 are affected by CVE-2022-42426.
Yes, authentication is required to exploit CVE-2022-42426.
The specific flaw of CVE-2022-42426 exists within the handling of requests to modify poller broker configuration, resulting from the lack of proper input validation.
The Common Weakness Enumeration (CWE) ID for CVE-2022-42426 is CWE-89.
To fix CVE-2022-42426, it is recommended to apply the latest security patches provided by Centreon and follow the recommendations in their security policy.