CVE-2021-26804

Published: May 4, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.

Affected (3)

Products: Centreon: Centreon Web

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Centreon Centreon Web	Version 19.10.18
Centreon Centreon Web	Version 20.04.8
Centreon Centreon Web	Version 20.10.2

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621

Source: cve@mitre.org

https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.