Security: centreon/centreon

SECURITY.md

Security Acknowledgement

Centreon is committed to the security of its product and services and is continuously improving policies, processes, and products to meet the highest standards.

We acknowledge that Centreon users and security researchers following our Centreon Security Policy to report vulnerabilities are key to the success of this commitment. If you are the first to report a confirmed vulnerability, we would like to recognize your contribution by listing your name, or the name of your organization, on this page. You may obviously choose to remain anonymous.

For more details on how to report a security vulnerability, kindly check below.

Centreon reserves the right to make final decisions regarding publishing acknowledgments. Also, please be aware that only reports following our Security Policy may qualify for acknowledgement on this page.


2022

  • 2022/11/16 - Vladimir TOUTAIN from DSecBypass
  • 2022/10/05 - Héctor Morales
  • 2022/09/06 - Anonymous working with Trend Micro Zero Day Initiative
  • 2022/08/24 - Anonymous working with Trend Micro Zero Day Initiative
  • 2022/06/29 - Marcus Lichtenstern
  • 2022/05/23 - Lucas Carmo and Daniel França Lima from Hakaï Security
  • 2022/02/16 - Anonymous working with Trend Micro Zero Day Initiative

2021

2020


Security Policy

Centreon takes the security of our software products seriously.

If you believe you have found a security vulnerability, please report it to us as described below.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Send an email to security@centreon.com. If possible, encrypt your message with our PGP key below.

You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

To help us better understand the nature and scope of the possible issue, please describe as much as you can:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

Bug bounty

We don't have a bug bounty program but this is something we are thinking about.

PGP information

Public key

Tag Value
ID C0C80F0275378FBC
Type RSA
Size 3072
Created 2023-02-13
Expires 2024-02-13
Fingerprint 5CC5 ED3E DA9B C9BC E438 E9E8 C0C8 0F02 7537 8FBC