Use of Insufficiently Random Values
CVE-2021-28055
Summary
An issue was discovered in Centreon-Web in Centreon Platform 18.10.6 through 19.10.22, 20.04.0 through 20.04.12, 20.10.0 through 20.10.6, and before 2.8.37. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.