Centreon Infra Monitoring Missing Authorization Vulnerability Allowing Information Disclosure

Vulnerability

A missing authorization vulnerability has been identified in Centreon Infra Monitoring versions 25.10.0 prior to 25.10.2, 24.10.0 prior to 24.10.15, and 24.04.0 prior to 24.04.19. This vulnerability exists in the Administration parameters API endpoint for modules, where access control lists (ACLs) are not properly enforced. As a result, unauthorized users may gain access to sensitive information such as downtime or acknowledgment configurations.

Impact

Exploitation of this vulnerability could lead to unauthorized access to information regarding system downtime or acknowledgment settings, potentially allowing users to manipulate or misrepresent the status of monitored resources.

Remediation

Users can upgrade to Centreon versions 25.10.4, 24.10.16, or 24.04.20 to address this vulnerability.
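The version ranges above can be checked across an inventory with a short script. This is an added example, not Centreon's code and not part of the original advisory; the function names, host names and sample version strings are hypothetical, and collecting the installed version from each host is assumed to happen elsewhere. Versions are compared numerically, and a version that is outside the affected range but below the release named under Remediation is reported separately.

```python
import re

# Per branch: (first version outside the affected range in the description,
#              version named in the Remediation section), both from this advisory.
BRANCHES = {
    (25, 10): ((25, 10, 2), (25, 10, 4)),
    (24, 10): ((24, 10, 15), (24, 10, 16)),
    (24, 4): ((24, 4, 19), (24, 4, 20)),
}

def parse_version(text):
    """Parse 'YY.MM.patch' into integers; a packaging suffix like '-1.el9' is ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Return 'affected', 'below-remediation', 'remediated' or 'not-listed'."""
    version = parse_version(text)
    entry = BRANCHES.get(version[:2])
    if entry is None:
        return "not-listed"  # branch not mentioned in the advisory
    range_end, remediation = entry
    if version < range_end:
        return "affected"
    if version < remediation:
        return "below-remediation"
    return "remediated"

def needs_upgrade(inventory):
    """Map host -> status for every host not yet on a remediation version."""
    report = {}
    for host, text in inventory.items():
        status = classify(text)
        if status in ("affected", "below-remediation"):
            report[host] = status
    return report

# Constructed inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "central-01": "24.10.9",        # 9 < 15 numerically, though "9" > "15" as text
    "central-02": "25.10.2",
    "poller-01": "24.04.20-1.el9",
    "lab-01": "23.10.5",
}

if __name__ == "__main__":
    for host, status in sorted(needs_upgrade(SAMPLE_INVENTORY).items()):
        print(host, status)
```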

Added: Jan 5, 2026, 11:27 AM
Updated: Jan 5, 2026, 11:27 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 1.8
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.