Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2019-17646
CVE-2019-17646:
Centreon vulnerability analysis and mitigation
Overview
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService (NVD, Security Tracker).
Technical details
The vulnerability allows unauthenticated access to sensitive information through a direct API endpoint. Specifically, the issue exists in the api/external.php file when making requests with the parameters object=centreon_metric and action=listByService. This vulnerability was fixed in Centreon versions 18.10.8, 19.04.5, and 19.10.2 by implementing proper access controls (Centreon Docs).
Impact
The vulnerability exposes sensitive monitoring metrics and service information to unauthenticated users, potentially revealing internal system details and configuration that could be used by attackers to plan further attacks (NVD).
Mitigation and workarounds
The recommended mitigation is to upgrade to Centreon version 18.10.8, 19.04.5, or 19.10.2 or later which includes fixes for this vulnerability. The fix implements proper authentication checks for API access (Centreon Docs).
Additional resources
Source: This report was generated using AI
Related Centreon vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management