GHSA-7rg4-266c-jqw6

Source
https://github.com/advisories/GHSA-7rg4-266c-jqw6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-7rg4-266c-jqw6/GHSA-7rg4-266c-jqw6.json
Aliases
  • CVE-2021-28055
Published
2021-06-08T20:12:56Z
Modified
2023-11-08T04:05:28.093844Z
Details

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.

References

Affected packages

Packagist / centreon/centreon

Package

Name
centreon/centreon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
20.10.0
Fixed
20.10.7

Affected versions

20.*

20.10.0
20.10.1
20.10.2
20.10.3
20.10.4
20.10.5
20.10.6

Packagist / centreon/centreon

Package

Name
centreon/centreon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
20.04.0
Fixed
20.04.13

Affected versions

20.*

20.04.0
20.04.2
20.04.3
20.04.4
20.04.6
20.04.7
20.04.8
20.04.9
20.04.10
20.04.11
20.04.12

Packagist / centreon/centreon

Package

Name
centreon/centreon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
19.10.0
Fixed
19.10.23

Affected versions

19.*

19.10.0
19.10.1
19.10.2
19.10.3
19.10.4
19.10.5
19.10.6
19.10.7
19.10.8
19.10.9
19.10.10
19.10.12
19.10.13
19.10.14
19.10.15
19.10.16
19.10.17
19.10.18
19.10.19
19.10.20
19.10.21
19.10.22

Packagist / centreon/centreon

Package

Name
centreon/centreon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.8.37

Affected versions

2.*

2.7.3