CVE-2021-26804

MEDIUM

Description

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.

References

https://medium.com/@pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621

Details

Source: MITRE

Published: 2021-05-04

Updated: 2021-05-12

Type: CWE-276

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:centreon:centreon_web:19.10.18:*:*:*:*:*:*:*

cpe:2.3:a:centreon:centreon_web:20.04.8:*:*:*:*:*:*:*

cpe:2.3:a:centreon:centreon_web:20.10.2:*:*:*:*:*:*:*