Incorrect Default Permissions
CVE-2021-26804
Summary
Insecure Permissions in Centreon Web versions before 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References
Advisory Timeline
- Published
