An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php.
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Centreon | Centreon | * | * |
Centreon | Centreon | 18.0.0 | * |
Centreon | Centreon | 19.04.0 | * |
Centreon | Centreon | 19.10.0 | * |