csaf_opensuse - opensuse-su-2024:13533-1

opensuse-su-2024:13533-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

cacti-1.2.26-1.1 on GA media

Notes

Title of the patch

cacti-1.2.26-1.1 on GA media

Description of the patch

These are all security issues fixed in the cacti-1.2.26-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-13533

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "cacti-1.2.26-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the cacti-1.2.26-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13533",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13533-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-49084 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-49084/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-49085 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-49085/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-49086 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-49086/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-49088 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-49088/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-50250 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-50250/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-51448 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-51448/"
      }
    ],
    "title": "cacti-1.2.26-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13533-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.26-1.1.aarch64",
                "product": {
                  "name": "cacti-1.2.26-1.1.aarch64",
                  "product_id": "cacti-1.2.26-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.26-1.1.ppc64le",
                "product": {
                  "name": "cacti-1.2.26-1.1.ppc64le",
                  "product_id": "cacti-1.2.26-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.26-1.1.s390x",
                "product": {
                  "name": "cacti-1.2.26-1.1.s390x",
                  "product_id": "cacti-1.2.26-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.26-1.1.x86_64",
                "product": {
                  "name": "cacti-1.2.26-1.1.x86_64",
                  "product_id": "cacti-1.2.26-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.26-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64"
        },
        "product_reference": "cacti-1.2.26-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.26-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le"
        },
        "product_reference": "cacti-1.2.26-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.26-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x"
        },
        "product_reference": "cacti-1.2.26-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.26-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
        },
        "product_reference": "cacti-1.2.26-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-49084",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-49084"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-49084",
          "url": "https://www.suse.com/security/cve/CVE-2023-49084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218360 for CVE-2023-49084",
          "url": "https://bugzilla.suse.com/1218360"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-49084"
    },
    {
      "cve": "CVE-2023-49085",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-49085"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-49085",
          "url": "https://www.suse.com/security/cve/CVE-2023-49085"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218378 for CVE-2023-49085",
          "url": "https://bugzilla.suse.com/1218378"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-49085"
    },
    {
      "cve": "CVE-2023-49086",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-49086"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user\u0027s browser. This issue has been patched in version 1.2.27.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-49086",
          "url": "https://www.suse.com/security/cve/CVE-2023-49086"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218366 for CVE-2023-49086",
          "url": "https://bugzilla.suse.com/1218366"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-49086"
    },
    {
      "cve": "CVE-2023-49088",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-49088"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration\u003eSites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://\u003cHOST\u003e/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-49088",
          "url": "https://www.suse.com/security/cve/CVE-2023-49088"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218379 for CVE-2023-49088",
          "url": "https://bugzilla.suse.com/1218379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-49088"
    },
    {
      "cve": "CVE-2023-50250",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-50250"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-50250",
          "url": "https://www.suse.com/security/cve/CVE-2023-50250"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218380 for CVE-2023-50250",
          "url": "https://bugzilla.suse.com/1218380"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224231 for CVE-2023-50250",
          "url": "https://bugzilla.suse.com/1224231"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-50250"
    },
    {
      "cve": "CVE-2023-51448",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-51448"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `\u0027managers.php\u0027`. An authenticated attacker with the \"Settings/Utilities\" permission can send a crafted HTTP GET request to the endpoint `\u0027/cacti/managers.php\u0027` with an SQLi payload in the `\u0027selected_graphs_array\u0027` HTTP GET parameter. As of time of publication, no patched versions exist.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-51448",
          "url": "https://www.suse.com/security/cve/CVE-2023-51448"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218381 for CVE-2023-51448",
          "url": "https://bugzilla.suse.com/1218381"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.26-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-51448"
    }
  ]
}

CVE-2023-49084 (GCVE-0-2023-49084)

Vulnerability from cvelistv5

Published

2023-12-21 23:04

Modified

2025-02-13 17:18

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Summary

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html
	https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: = 1.2.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "= 1.2.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:21.999Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp"
        },
        {
          "url": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-pfh9-gwm6-86vp",
        "discovery": "UNKNOWN"
      },
      "title": "Local File Inclusion (RCE) in Cacti"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49084",
    "datePublished": "2023-12-21T23:04:44.219Z",
    "dateReserved": "2023-11-21T18:57:30.428Z",
    "dateUpdated": "2025-02-13T17:18:30.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49085 (GCVE-0-2023-49085)

Vulnerability from cvelistv5

Published

2023-12-22 16:13

Modified

2025-02-13 17:18

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Summary

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451	x_refsource_MISC
	http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html
	https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: <= 1.2.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:28.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855"
          },
          {
            "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.2.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:44.327Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855"
        },
        {
          "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451"
        },
        {
          "url": "http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-vr3c-38wh-g855",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti SQL Injection vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49085",
    "datePublished": "2023-12-22T16:13:13.259Z",
    "dateReserved": "2023-11-21T18:57:30.428Z",
    "dateUpdated": "2025-02-13T17:18:31.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49086 (GCVE-0-2023-49086)

Vulnerability from cvelistv5

Published

2023-12-21 23:29

Modified

2025-02-13 17:18

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.27.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/commit/6ec01c8b2983bf4fcb86f8c647655f74090b5be9	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr"
          },
          {
            "name": "https://github.com/Cacti/cacti/commit/6ec01c8b2983bf4fcb86f8c647655f74090b5be9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/commit/6ec01c8b2983bf4fcb86f8c647655f74090b5be9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user\u0027s browser. This issue has been patched in version 1.2.27."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:39.269Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr"
        },
        {
          "name": "https://github.com/Cacti/cacti/commit/6ec01c8b2983bf4fcb86f8c647655f74090b5be9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/commit/6ec01c8b2983bf4fcb86f8c647655f74090b5be9"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-wc73-r2vw-59pr",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti is vulnerable to cross-Site scripting (XSS) DOM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49086",
    "datePublished": "2023-12-21T23:29:45.134Z",
    "dateReserved": "2023-11-21T18:57:30.428Z",
    "dateUpdated": "2025-02-13T17:18:32.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51448 (GCVE-0-2023-51448)

Vulnerability from cvelistv5

Published

2023-12-22 16:44

Modified

2025-02-13 17:19

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Summary

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: <= 1.2.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:32:10.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594"
          },
          {
            "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.2.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `\u2018managers.php\u2019`. An authenticated attacker with the \u201cSettings/Utilities\u201d permission can send a crafted HTTP GET request to the endpoint `\u2018/cacti/managers.php\u2019` with an SQLi payload in the `\u2018selected_graphs_array\u2019` HTTP GET parameter. As of time of publication, no patched versions exist."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:34.105Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594"
        },
        {
          "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-w85f-7c4w-7594",
        "discovery": "UNKNOWN"
      },
      "title": "SQL Injection vulnerability when managing SNMP Notification Receivers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-51448",
    "datePublished": "2023-12-22T16:44:57.007Z",
    "dateReserved": "2023-12-19T15:19:39.615Z",
    "dateUpdated": "2025-02-13T17:19:45.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49088 (GCVE-0-2023-49088)

Vulnerability from cvelistv5

Published

2023-12-22 16:16

Modified

2025-02-13 17:18

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h	x_refsource_MISC
	https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: <= 1.2.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x"
          },
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"
          },
          {
            "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.2.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration\u003eSites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://\u003cHOST\u003e/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:32.324Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x"
        },
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"
        },
        {
          "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-q7g7-gcf6-wh4x",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti has incomplete fix for CVE-2023-39515"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49088",
    "datePublished": "2023-12-22T16:16:53.348Z",
    "dateReserved": "2023-11-21T18:57:30.429Z",
    "dateUpdated": "2025-02-13T17:18:33.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50250 (GCVE-0-2023-50250)

Vulnerability from cvelistv5

Published

2023-12-22 16:39

Modified

2025-02-13 17:19

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: <= 1.2.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73"
          },
          {
            "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.2.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:35.748Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73"
        },
        {
          "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-xwqc-7jc4-xm73",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-Site Scripting vulnerability when Import xml template file"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50250",
    "datePublished": "2023-12-22T16:39:47.736Z",
    "dateReserved": "2023-12-05T20:42:59.377Z",
    "dateUpdated": "2025-02-13T17:19:01.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:13533-1

Vulnerability from csaf_opensuse

CVE-2023-49084 (GCVE-0-2023-49084)

Vulnerability from cvelistv5

CVE-2023-49085 (GCVE-0-2023-49085)

Vulnerability from cvelistv5

CVE-2023-49086 (GCVE-0-2023-49086)

Vulnerability from cvelistv5

CVE-2023-51448 (GCVE-0-2023-51448)

Vulnerability from cvelistv5

CVE-2023-49088 (GCVE-0-2023-49088)

Vulnerability from cvelistv5

CVE-2023-50250 (GCVE-0-2023-50250)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature