Direct Request ('Forced Browsing')

CVE-2019-17644

Severity High
Score 7.5/10

Summary

An issue was discovered in Centreon before 2.8.30, 2.99.x, 18.10.x before 18.10.9, 19.04.x before 19.04.6, and 19.10.x before 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-425 - Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Advisory Timeline

  • Published