Home > Vulnerability Database > CVE-2019-17108

Mend.io Vulnerability Database

CVE-2019-17108

Good to know:

Date: October 8, 2019

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.

Language: PHP

Severity Score

6.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-17108

Url: http://www.openwall.com/lists/oss-security/2019/10/09/2

Url: https://github.com/centreon/centreon/pull/7101

Url: https://www.openwall.com/lists/oss-security/2019/10/08/1

Url: https://www.mend.io/vulnerability-database/CVE-2019-17108

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version centreon/centreon - dev-improve_snmpd_config;centreon/centreon - help;centreon/centreon - dev-remove-add-widget-from-tests;centreon/centreon - dev-prepare-web-191023-rn;centreon/centreon - dev-poc-swc;centreon/centreon - dev-MON-3201;centreon/centreon - dev-MON-6204-check-command;centreon/centreon - dev-change_home_centreon;centreon/centreon - dev-refacto-security-arch;centreon/centreon - dev-fixing-jenkinsfile;centreon/centreon - 2.8.20;centreon/centreon - 2.7.4;centreon/centreon - dev-separat-codeowners-lines;centreon/centreon - dev-fix_chmod_unnecessary;centreon/centreon - dev-fix-memory-limit;centreon/centreon - dev-filter-graph-with-graphs;centreon/centreon - dev-double-unstash;centreon/centreon - dev-fully-handle-default-ack-options;centreon/centreon - dev-MON-12220-Replace-Header-scss-module-with-material-makeStyles(pollerMenu);centreon/centreon - dev-broken-translation;centreon/centreon - dev-poc-loadbalancer;centreon/centreon - 2.7.1;centreon/centreon - dev-hide-macro-password;centreon/centreon - dev-command-poc;centreon/centreon - 497.x-dev;centreon/centreon - dev-fix/jenkinsfile_docker_build;centreon/centreon - dev-refacto-rest-api-v1;centreon/centreon - dev-realign-front-master;centreon/centreon - dev-failed-installation-due-to-debug;centreon/centreon - dev-bam-393-new-cc-merge-master;centreon/centreon - dev-set_public_snmpd_c;centreon/centreon - dev-DEVOPS-206-update-eslint-config;centreon/centreon - dev-try-fix-ldap

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-17108

Good to know:

Date: October 8, 2019

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?