CVE-2025-4649

MEDIUM Year: 2025
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.

Related Vulnerabilities

CVE-2017-15052

MEDIUM
CVSS:4.9(Medium)

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or mo...

CWE-2692017

CVE-2017-15053

MEDIUM
CVSS:4.9(Medium)

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application...

CWE-2692017

CVE-2018-15321

MEDIUM
CVSS:4.9(Medium)

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2....

CWE-2692018

CVE-2020-23128

MEDIUM
CVSS:4.9(Medium)

Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to a...

CWE-2692020

CVE-2023-6507

MEDIUM
CVSS:4.9(Medium)

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter w...

CWE-2692023