Direct Request ('Forced Browsing')
CVE-2019-17645
Summary
An issue was discovered in Centreon before 2.8.31, 2.99.x, 18.10.x before 18.10.9, 19.04.x before 19.04.6 and 19.10.x before 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-425 - Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Advisory Timeline
- Published