CVE-2024-0637

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-0637

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0637.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-0637

Aliases

GHSA-22v7-v3mj-pm8r

Published

2024-04-01T22:15:11.443Z

Modified

2026-02-13T02:40:10.449708Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the updateDirectory function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22294.

References

Affected packages

Git / github.com/centreon/centreon

Affected ranges

Type: GIT
Repo: https://github.com/centreon/centreon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b0c74f195b1b48c7af9ec168db3cfbcade99da7f

Introduced

272591f468f73162aa9d790799d68db86648ac2e

Fixed

ae3e65aa021a2deec452742b8ff09f8f63cdd40d

Introduced

65a95e7459a02268291f42ad19907b6b66f3e6e2

Fixed

7da889f8f1611f0bd65bf6d798801eb7f21c00d0

Introduced

755448bcd365969a97e902b856a1e5f56d80adaa

Fixed

c5a9b088358a21efc8f8f7a199b89fd7ef2a3b9c

Affected versions

centreon-awie-22.*

centreon-awie-22.10.0

centreon-awie-23.*

centreon-awie-23.04.0

centreon-awie-23.04.1

centreon-awie-23.10.0

centreon-dsm-22.*

centreon-dsm-22.10.0

centreon-dsm-22.10.1

centreon-dsm-23.*

centreon-dsm-23.04.0

centreon-dsm-23.04.1

centreon-dsm-23.04.2

centreon-dsm-23.10.0

centreon-dsm-23.10.1

centreon-dsm-23.10.2

centreon-dsm-23.10.3

centreon-dsm-23.10.4

centreon-gorgone-22.*

centreon-gorgone-22.10.0

centreon-gorgone-22.10.1

centreon-gorgone-22.10.2

centreon-gorgone-22.10.3

centreon-gorgone-23.*

centreon-gorgone-23.04.0

centreon-gorgone-23.04.1

centreon-gorgone-23.04.2

centreon-gorgone-23.04.3

centreon-gorgone-23.04.4

centreon-gorgone-23.04.5

centreon-gorgone-23.04.6

centreon-gorgone-23.04.7

centreon-gorgone-23.04.8

centreon-gorgone-23.04.9

centreon-gorgone-23.10.0

centreon-gorgone-23.10.1

centreon-gorgone-23.10.2

centreon-gorgone-23.10.3

centreon-gorgone-23.10.5

centreon-gorgone-23.10.6

centreon-gorgone-23.10.7

centreon-gorgone-23.10.8

centreon-gorgone-23.10.9

centreon-ha-22.*

centreon-ha-22.10.0

centreon-ha-22.10.1

centreon-ha-23.*

centreon-ha-23.04.0

centreon-ha-23.10.0

centreon-ha-23.10.1

centreon-open-tickets-22.*

centreon-open-tickets-22.10.0

centreon-open-tickets-22.10.1

centreon-open-tickets-22.10.2

centreon-open-tickets-23.*

centreon-open-tickets-23.04.0

centreon-open-tickets-23.04.1

centreon-open-tickets-23.04.2

centreon-open-tickets-23.10.0

centreon-open-tickets-23.10.1

centreon-open-tickets-23.10.2

centreon-open-tickets-23.10.3

centreon-web-22.*

centreon-web-22.10.10

centreon-web-22.10.11

centreon-web-22.10.12

centreon-web-22.10.13

centreon-web-22.10.14

centreon-web-22.10.15

centreon-web-22.10.16

centreon-web-22.10.2

centreon-web-22.10.3

centreon-web-22.10.4

centreon-web-22.10.5

centreon-web-22.10.6

centreon-web-22.10.7

centreon-web-22.10.8

centreon-web-22.10.9

centreon-web-23.*

centreon-web-23.04.0

centreon-web-23.04.1

centreon-web-23.04.10

centreon-web-23.04.11

centreon-web-23.04.12

centreon-web-23.04.2

centreon-web-23.04.3

centreon-web-23.04.4

centreon-web-23.04.5

centreon-web-23.04.6

centreon-web-23.04.7

centreon-web-23.04.8

centreon-web-23.04.9

centreon-web-23.10.0

centreon-web-23.10.1

centreon-web-23.10.11

centreon-web-23.10.12

centreon-web-23.10.13

centreon-web-23.10.14

centreon-web-23.10.15

centreon-web-23.10.16

centreon-web-23.10.17

centreon-web-23.10.18

centreon-web-23.10.19

centreon-web-23.10.2

centreon-web-23.10.20

centreon-web-23.10.21

centreon-web-23.10.22

centreon-web-23.10.23

centreon-web-23.10.24

centreon-web-23.10.25

centreon-web-23.10.26

centreon-web-23.10.27

centreon-web-23.10.3

centreon-web-23.10.4

centreon-web-23.10.5

centreon-web-23.10.6

centreon-web-23.10.7

centreon-web-23.10.8

centreon-web-23.10.9

centreon-widget-engine-status-22.*

centreon-widget-engine-status-22.10.0

centreon-widget-engine-status-22.10.1

centreon-widget-engine-status-23.*

centreon-widget-engine-status-23.04.0

centreon-widget-engine-status-23.04.1

centreon-widget-engine-status-23.10.0

centreon-widget-global-health-22.*

centreon-widget-global-health-22.10.0

centreon-widget-global-health-22.10.1

centreon-widget-global-health-23.*

centreon-widget-global-health-23.04.0

centreon-widget-global-health-23.04.1

centreon-widget-global-health-23.10.0

centreon-widget-graph-monitoring-22.*

centreon-widget-graph-monitoring-22.10.0

centreon-widget-graph-monitoring-22.10.1

centreon-widget-graph-monitoring-23.*

centreon-widget-graph-monitoring-23.04.0

centreon-widget-graph-monitoring-23.04.2

centreon-widget-graph-monitoring-23.10.0

centreon-widget-graph-monitoring-23.10.1

centreon-widget-grid-map-22.*

centreon-widget-grid-map-22.10.0

centreon-widget-host-monitoring-22.*

centreon-widget-host-monitoring-22.10.0

centreon-widget-host-monitoring-22.10.1

centreon-widget-host-monitoring-23.*

centreon-widget-host-monitoring-23.04.0

centreon-widget-host-monitoring-23.04.1

centreon-widget-host-monitoring-23.10.0

centreon-widget-host-monitoring-23.10.1

centreon-widget-host-monitoring-23.10.2

centreon-widget-host-monitoring-23.10.4

centreon-widget-hostgroup-monitoring-22.*

centreon-widget-hostgroup-monitoring-22.10.0

centreon-widget-hostgroup-monitoring-22.10.1

centreon-widget-hostgroup-monitoring-23.*

centreon-widget-hostgroup-monitoring-23.04.0

centreon-widget-hostgroup-monitoring-23.04.1

centreon-widget-hostgroup-monitoring-23.10.0

centreon-widget-hostgroup-monitoring-23.10.1

centreon-widget-hostgroup-monitoring-23.10.2

centreon-widget-httploader-22.*

centreon-widget-httploader-22.10.0

centreon-widget-httploader-23.*

centreon-widget-httploader-23.04.0

centreon-widget-httploader-23.10.0

centreon-widget-live-top10-cpu-usage-22.*

centreon-widget-live-top10-cpu-usage-22.10.0

centreon-widget-live-top10-cpu-usage-22.10.1

centreon-widget-live-top10-cpu-usage-23.*

centreon-widget-live-top10-cpu-usage-23.04.0

centreon-widget-live-top10-cpu-usage-23.04.1

centreon-widget-live-top10-cpu-usage-23.10.0

centreon-widget-live-top10-cpu-usage-23.10.1

centreon-widget-live-top10-memory-usage-22.*

centreon-widget-live-top10-memory-usage-22.10.0

centreon-widget-live-top10-memory-usage-22.10.1

centreon-widget-live-top10-memory-usage-23.*

centreon-widget-live-top10-memory-usage-23.04.0

centreon-widget-live-top10-memory-usage-23.04.1

centreon-widget-live-top10-memory-usage-23.10.0

centreon-widget-live-top10-memory-usage-23.10.1

centreon-widget-ntopng-listing-22.*

centreon-widget-ntopng-listing-22.10.0

centreon-widget-ntopng-listing-23.*

centreon-widget-ntopng-listing-23.04.0

centreon-widget-ntopng-listing-23.10.0

centreon-widget-service-monitoring-22.*

centreon-widget-service-monitoring-22.10.0

centreon-widget-service-monitoring-22.10.2

centreon-widget-service-monitoring-22.10.3

centreon-widget-service-monitoring-23.*

centreon-widget-service-monitoring-23.04.0

centreon-widget-service-monitoring-23.04.1

centreon-widget-service-monitoring-23.10.0

centreon-widget-service-monitoring-23.10.1

centreon-widget-service-monitoring-23.10.2

centreon-widget-servicegroup-monitoring-22.*

centreon-widget-servicegroup-monitoring-22.10.0

centreon-widget-servicegroup-monitoring-22.10.1

centreon-widget-servicegroup-monitoring-23.*

centreon-widget-servicegroup-monitoring-23.04.0

centreon-widget-servicegroup-monitoring-23.04.1

centreon-widget-servicegroup-monitoring-23.10.0

centreon-widget-servicegroup-monitoring-23.10.1

centreon-widget-servicegroup-monitoring-23.10.3

centreon-widget-single-metric-22.*

centreon-widget-single-metric-22.10.0

centreon-widget-single-metric-22.10.1

centreon-widget-single-metric-23.*

centreon-widget-single-metric-23.04.0

centreon-widget-single-metric-23.04.1

centreon-widget-single-metric-23.10.0

centreon-widget-tactical-overview-22.*

centreon-widget-tactical-overview-22.10.0

centreon-widget-tactical-overview-22.10.1

centreon-widget-tactical-overview-23.*

centreon-widget-tactical-overview-23.04.0

centreon-widget-tactical-overview-23.04.1

centreon-widget-tactical-overview-23.10.0

js-config-22.*

js-config-22.10.4

ui-22.*

ui-22.10.6

ui-22.10.7

ui-22.10.8

ui-context-22.*

ui-context-22.10.2

ui-context-22.10.3

ui-context-22.10.4

ui-context-22.10.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0637.json"