CVE-2022-42426

Source
https://cve.org/CVERecord?id=CVE-2022-42426
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42426.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-42426
Published
2023-03-29T00:00:00Z
Modified
2026-07-15T01:49:11.264145252Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.

Database specific
{
    "cna_assigner": "zdi",
    "cwe_ids": [
        "CWE-89"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "22.04"
                },
                {
                    "last_affected": "22.04"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/42xxx/CVE-2022-42426.json"
}
References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type
GIT
Repo
https://github.com/centreon/centreon
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:centreon:centreon:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "22.04.0"
        },
        {
            "fixed": "22.04.6"
        }
    ]
}

Affected versions

centreon-awie-22.*
centreon-awie-22.04.0
centreon-awie-22.04.1
centreon-awie-22.04.2
centreon-awie-22.04.3
centreon-dsm-22.*
centreon-dsm-22.04.0
centreon-dsm-22.04.1
centreon-dsm-22.04.2
centreon-frontend-22.*
centreon-frontend-22.04.0
centreon-frontend-22.04.1
centreon-gorgone-22.*
centreon-gorgone-22.04.1
centreon-gorgone-22.04.2
centreon-gorgone-22.04.3
centreon-gorgone-22.04.4
centreon-gorgone-22.04.5
centreon-ha-22.*
centreon-ha-22.04.0
centreon-ha-22.04.1
centreon-ha-22.04.2
centreon-open-tickets-22.*
centreon-open-tickets-22.04.0
centreon-open-tickets-22.04.1
centreon-open-tickets-22.04.2
centreon-web-22.*
centreon-web-22.04.10
centreon-web-22.04.11
centreon-web-22.04.12
centreon-web-22.04.13
centreon-web-22.04.14
centreon-web-22.04.15
centreon-web-22.04.16
centreon-web-22.04.17
centreon-web-22.04.18
centreon-web-22.04.19
centreon-web-22.04.20
centreon-web-22.04.21
centreon-web-22.04.7
centreon-web-22.04.8
centreon-web-22.04.9
centreon-widget-engine-status-22.*
centreon-widget-engine-status-22.04.0
centreon-widget-engine-status-22.04.1
centreon-widget-global-health-22.*
centreon-widget-global-health-22.04.0
centreon-widget-global-health-22.04.1
centreon-widget-graph-monitoring-22.*
centreon-widget-graph-monitoring-22.04.0
centreon-widget-graph-monitoring-22.04.1
centreon-widget-grid-map-22.*
centreon-widget-grid-map-22.04.0
centreon-widget-host-monitoring-22.*
centreon-widget-host-monitoring-22.04.0
centreon-widget-host-monitoring-22.04.1
centreon-widget-hostgroup-monitoring-22.*
centreon-widget-hostgroup-monitoring-22.04.0
centreon-widget-hostgroup-monitoring-22.04.1
centreon-widget-httploader-22.*
centreon-widget-httploader-22.04.0
centreon-widget-httploader-22.04.1
centreon-widget-live-top10-cpu-usage-22.*
centreon-widget-live-top10-cpu-usage-22.04.0
centreon-widget-live-top10-cpu-usage-22.04.1
centreon-widget-live-top10-memory-usage-22.*
centreon-widget-live-top10-memory-usage-22.04.0
centreon-widget-live-top10-memory-usage-22.04.1
centreon-widget-ntopng-listing-22.*
centreon-widget-ntopng-listing-22.04.0
centreon-widget-ntopng-listing-22.04.1
centreon-widget-service-monitoring-22.*
centreon-widget-service-monitoring-22.04.0
centreon-widget-service-monitoring-22.04.1
centreon-widget-service-monitoring-22.04.2
centreon-widget-servicegroup-monitoring-22.*
centreon-widget-servicegroup-monitoring-22.04.0
centreon-widget-servicegroup-monitoring-22.04.1
centreon-widget-servicegroup-monitoring-22.04.2
centreon-widget-single-metric-22.*
centreon-widget-single-metric-22.04.0
centreon-widget-single-metric-22.04.1
centreon-widget-tactical-overview-22.*
centreon-widget-tactical-overview-22.04.0
centreon-widget-tactical-overview-22.04.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42426.json"