Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-c444-ryqk-vqhx
Vulnerability ID VCID-c444-ryqk-vqhx
Aliases CVE-2021-28055
GHSA-7rg4-266c-jqw6
Summary Cross-Site Request Forgery (CSRF) An issue was discovered in Centreon-Web in Centreon Platform The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-330 Use of Insufficiently Random Values
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-352 Cross-Site Request Forgery (CSRF)
System Score Found at
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2021-28055
cvssv3.1 6.5 https://github.com/centreon/centreon
generic_textual MODERATE https://github.com/centreon/centreon
cvssv3.1 6.5 https://github.com/centreon/centreon/commit/0261d4b250135eb513fdb7d52ba6fdeb19c6863f
generic_textual MODERATE https://github.com/centreon/centreon/commit/0261d4b250135eb513fdb7d52ba6fdeb19c6863f
cvssv3.1 6.5 https://github.com/centreon/centreon/commit/626d3fb91cef402df0ebda5a8165d8f45da67c7a
generic_textual MODERATE https://github.com/centreon/centreon/commit/626d3fb91cef402df0ebda5a8165d8f45da67c7a
cvssv3.1 6.5 https://github.com/centreon/centreon/pull/9612
generic_textual MODERATE https://github.com/centreon/centreon/pull/9612
cvssv3.1 6.5 https://github.com/centreon/centreon/releases/tag/19.10.23
generic_textual MODERATE https://github.com/centreon/centreon/releases/tag/19.10.23
cvssv3.1 6.5 https://github.com/centreon/centreon/releases/tag/2.8.37
generic_textual MODERATE https://github.com/centreon/centreon/releases/tag/2.8.37
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28055
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-28055
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-28055
https://github.com/centreon/centreon
https://github.com/centreon/centreon/commit/0261d4b250135eb513fdb7d52ba6fdeb19c6863f
https://github.com/centreon/centreon/commit/626d3fb91cef402df0ebda5a8165d8f45da67c7a
https://github.com/centreon/centreon/pull/9612
https://github.com/centreon/centreon/releases/tag/19.10.23
https://github.com/centreon/centreon/releases/tag/2.8.37
CVE-2021-28055 https://nvd.nist.gov/vuln/detail/CVE-2021-28055
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/centreon/centreon
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/centreon/centreon/commit/0261d4b250135eb513fdb7d52ba6fdeb19c6863f
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/centreon/centreon/commit/626d3fb91cef402df0ebda5a8165d8f45da67c7a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/centreon/centreon/pull/9612
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/centreon/centreon/releases/tag/19.10.23
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/centreon/centreon/releases/tag/2.8.37
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-28055
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.2471
EPSS Score 0.00085
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:21:02.323711+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/centreon/centreon/CVE-2021-28055.yml 38.6.0