Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2019-15299
Good to know:
Date: February 24, 2020
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.
Language: PHP
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Authentication
CWE-287Top Fix
Upgrade Version
Upgrade to version centreon/centreon - dev-6039-trap-services-with-multiple-hosts;centreon/centreon - dev-broken-translation;centreon/centreon - 497.x-dev;centreon/centreon - dev-MON-3477-improve-chart-performance;centreon/centreon - dev-enh(unattended)-display-full-log-messages;centreon/centreon - 18.10.8;centreon/centreon - 19.04.5;centreon/centreon - dev-fix-memory-limit;centreon/centreon - dev-fix/jenkinsfile_docker_build;centreon/centreon - dev-hotfix-MON-XXXXX-index-data;centreon/centreon - dev-pest-phpstan
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | LOW |
| Authentication (AU): | SINGLE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | PARTIAL |
| Availability (A): | PARTIAL |
| Additional information: |