CVE-2022-34872

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-34872
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34872.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-34872
Published
2022-08-03T16:15:08.553Z
Modified
2026-04-10T04:49:29.527914Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.

References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type
GIT
Repo
https://github.com/centreon/centreon
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a7a13dd50eb75a9e195520446cf7805ae5f8d417
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "21.10.2"
        }
    ]
}

Affected versions

centreon-awie-21.*
centreon-awie-21.10.0
centreon-awie-21.10.1
centreon-dsm-21.*
centreon-dsm-21.10.0
centreon-dsm-21.10.1
centreon-gorgone-21.*
centreon-gorgone-21.10.3
centreon-gorgone-21.10.4
centreon-ha-21.*
centreon-ha-21.10.0
centreon-open-tickets-21.*
centreon-open-tickets-21.10.1
centreon-open-tickets-21.10.2
centreon-web-21.*
centreon-web-21.10.13
centreon-web-21.10.14
centreon-widget-engine-status-21.*
centreon-widget-engine-status-21.10.0
centreon-widget-global-health-21.*
centreon-widget-global-health-21.10.1
centreon-widget-graph-monitoring-21.*
centreon-widget-graph-monitoring-21.10.0
centreon-widget-grid-map-21.*
centreon-widget-grid-map-21.10.0
centreon-widget-host-monitoring-21.*
centreon-widget-host-monitoring-21.10.0
centreon-widget-hostgroup-monitoring-21.*
centreon-widget-hostgroup-monitoring-21.10.0
centreon-widget-httploader-21.*
centreon-widget-httploader-21.10.0
centreon-widget-live-top10-cpu-usage-21.*
centreon-widget-live-top10-cpu-usage-21.10.0
centreon-widget-live-top10-memory-usage-21.*
centreon-widget-live-top10-memory-usage-21.10.0
centreon-widget-service-monitoring-21.*
centreon-widget-service-monitoring-21.10.1
centreon-widget-service-monitoring-21.10.2
centreon-widget-servicegroup-monitoring-21.*
centreon-widget-servicegroup-monitoring-21.10.0
centreon-widget-servicegroup-monitoring-21.10.1
centreon-widget-tactical-overview-21.*
centreon-widget-tactical-overview-21.10.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34872.json"