CVE-2022-42429: 
Centreon vulnerability analysis and mitigation

This vulnerability (CVE-2022-42429) affects Centreon installations and was discovered in 2022. The vulnerability allows remote attackers to escalate privileges on affected Centreon systems, though authentication is required for exploitation. The issue was fixed in Centreon Web versions 21.04.19, 21.10.11, and 22.04.6 (ZDI Advisory).

The vulnerability exists within the handling of requests to modify poller broker configuration. The specific flaw stems from the lack of proper validation of user-supplied strings before using them to construct SQL queries. The vulnerability has been assigned a CVSS v3.0 score of 7.2 (High) with the vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility with low attack complexity, though requiring high privileges (ZDI Advisory).

An attacker who successfully exploits this vulnerability can leverage it to escalate their privileges to the level of an administrator. This could potentially give them full control over the affected Centreon installation (ZDI Advisory).

The vulnerability has been patched in multiple versions of Centreon Web: version 21.04.19, version 21.10.11, and version 22.04.6. Users are advised to upgrade to these or newer versions to protect against this vulnerability (ZDI Advisory).