Centreon Web 2.8.30
Documentation
Correct migration using Nagios reader (PR/#7781)
Security
Avoid SQL injections in multiple monitoring pages - CVE-2019-17647 (PR/#8029, PR/#8094)
Contact list using escapeSecure method (PR/#7947)
Control directory indexes with an htaccess (PR/#8115)
Do not allow retrieving all services through the downtime AJAX file - CVE-2019-17643 (PR/#8022)
Escape myAccount special characters - CVE-2019-16195 (PR/#7876)
Escape persistent and reflected XSS in my account (PR/#7865)
Escape script and input tags by default (PR/#7811)
Fix default contact_autologin_key value
Fix security on LDAP page - CVE-2019-15300 (PR/#8009)
Hide password in command line (#7414, PR/#7883)
RCE on MIB import from manufacturer input - CVE-2019-15298 (PR/#8023)
Remove command test execution - CVE-2019-16405 (PR/#7884)
Sanitize host_id and service_id (PR/#7880)
Session fixation using regenerate_session_id (PR/#7893)