Primary

Context

Centreon Web Improper Privilege Management Vulnerability Allowing Privilege Escalation

Vulnerability

Patched

A privilege escalation vulnerability has been identified in Centreon Web versions 24.04.0 prior to 24.04.10 and 24.10.0 prior to 24.10.4. This issue arises in the API Token creation form, where a user with high privileges can generate an API token for an admin user and copy the token's value.

Impact

Exploitation of this vulnerability allows a user with high privileges to create an API token for an admin user, potentially leading to unauthorized access or actions on behalf of the admin.

Remediation

Users are advised to update to Centreon Web 24.10.4 or 24.04.10, both of which include cumulative fixes from prior updates.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Centreon Web Improper Privilege Management Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Centreon

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating