csaf_opensuse - opensuse-su-2024:13962-1

opensuse-su-2024:13962-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

cacti-1.2.27-1.1 on GA media

Notes

Title of the patch

cacti-1.2.27-1.1 on GA media

Description of the patch

These are all security issues fixed in the cacti-1.2.27-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-13962

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "cacti-1.2.27-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the cacti-1.2.27-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13962",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13962-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-25641 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-25641/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-27082 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-27082/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-29894 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-29894/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-31443 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-31443/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-31444 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-31444/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-31445 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-31445/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-31458 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-31458/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-31459 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-31459/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-31460 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-31460/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-34340 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-34340/"
      }
    ],
    "title": "cacti-1.2.27-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13962-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.27-1.1.aarch64",
                "product": {
                  "name": "cacti-1.2.27-1.1.aarch64",
                  "product_id": "cacti-1.2.27-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.27-1.1.ppc64le",
                "product": {
                  "name": "cacti-1.2.27-1.1.ppc64le",
                  "product_id": "cacti-1.2.27-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.27-1.1.s390x",
                "product": {
                  "name": "cacti-1.2.27-1.1.s390x",
                  "product_id": "cacti-1.2.27-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cacti-1.2.27-1.1.x86_64",
                "product": {
                  "name": "cacti-1.2.27-1.1.x86_64",
                  "product_id": "cacti-1.2.27-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.27-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64"
        },
        "product_reference": "cacti-1.2.27-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.27-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le"
        },
        "product_reference": "cacti-1.2.27-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.27-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x"
        },
        "product_reference": "cacti-1.2.27-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cacti-1.2.27-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        },
        "product_reference": "cacti-1.2.27-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-25641",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-25641"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the \"Package Import\" feature, allows authenticated users having the \"Import Templates\" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-25641",
          "url": "https://www.suse.com/security/cve/CVE-2024-25641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224229 for CVE-2024-25641",
          "url": "https://bugzilla.suse.com/1224229"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-25641"
    },
    {
      "cve": "CVE-2024-27082",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-27082"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-27082",
          "url": "https://www.suse.com/security/cve/CVE-2024-27082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224230 for CVE-2024-27082",
          "url": "https://bugzilla.suse.com/1224230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-27082"
    },
    {
      "cve": "CVE-2024-29894",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-29894"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-29894",
          "url": "https://www.suse.com/security/cve/CVE-2024-29894"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224231 for CVE-2024-29894",
          "url": "https://bugzilla.suse.com/1224231"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-29894"
    },
    {
      "cve": "CVE-2024-31443",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-31443"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-31443",
          "url": "https://www.suse.com/security/cve/CVE-2024-31443"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224235 for CVE-2024-31443",
          "url": "https://bugzilla.suse.com/1224235"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-31443"
    },
    {
      "cve": "CVE-2024-31444",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-31444"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-31444",
          "url": "https://www.suse.com/security/cve/CVE-2024-31444"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224236 for CVE-2024-31444",
          "url": "https://bugzilla.suse.com/1224236"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-31444"
    },
    {
      "cve": "CVE-2024-31445",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-31445"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var(\u0027filter\u0027)` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `\u0027filter\u0027` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-31445",
          "url": "https://www.suse.com/security/cve/CVE-2024-31445"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224237 for CVE-2024-31445",
          "url": "https://bugzilla.suse.com/1224237"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-31445"
    },
    {
      "cve": "CVE-2024-31458",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-31458"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-31458",
          "url": "https://www.suse.com/security/cve/CVE-2024-31458"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224240 for CVE-2024-31458",
          "url": "https://bugzilla.suse.com/1224240"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-31458"
    },
    {
      "cve": "CVE-2024-31459",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-31459"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-31459",
          "url": "https://www.suse.com/security/cve/CVE-2024-31459"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224238 for CVE-2024-31459",
          "url": "https://bugzilla.suse.com/1224238"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-31459"
    },
    {
      "cve": "CVE-2024-31460",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-31460"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()`  function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-31460",
          "url": "https://www.suse.com/security/cve/CVE-2024-31460"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224239 for CVE-2024-31460",
          "url": "https://bugzilla.suse.com/1224239"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-31460"
    },
    {
      "cve": "CVE-2024-34340",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-34340"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP \u003c 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
          "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-34340",
          "url": "https://www.suse.com/security/cve/CVE-2024-34340"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224241 for CVE-2024-34340",
          "url": "https://bugzilla.suse.com/1224241"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.aarch64",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.ppc64le",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.s390x",
            "openSUSE Tumbleweed:cacti-1.2.27-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-34340"
    }
  ]
}

CVE-2024-27082 (GCVE-0-2024-27082)

Vulnerability from cvelistv5

Published

2024-05-13 13:49

Modified

2024-08-02 00:27

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27082",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T14:24:32.093553Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:23.551Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:27:57.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T13:49:10.484Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h"
        }
      ],
      "source": {
        "advisory": "GHSA-j868-7vjp-rp9h",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti Cross-site Scripting vulnerability when managing trees"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-27082",
    "datePublished": "2024-05-13T13:49:10.484Z",
    "dateReserved": "2024-02-19T14:43:05.991Z",
    "dateUpdated": "2024-08-02T00:27:57.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31444 (GCVE-0-2024-31444)

Vulnerability from cvelistv5

Published

2024-05-13 15:03

Modified

2025-02-13 17:47

Severity ?

4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31444",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:22:10.999271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:36:57.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:56.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:20.406Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-p4ch-7hjw-6m87",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31444",
    "datePublished": "2024-05-13T15:03:58.385Z",
    "dateReserved": "2024-04-03T17:55:32.645Z",
    "dateUpdated": "2025-02-13T17:47:54.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31460 (GCVE-0-2024-31460)

Vulnerability from cvelistv5

Published

2024-05-13 15:14

Modified

2025-02-13 17:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Summary

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31460",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:23:51.598160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:36:17.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:57.065Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"
          },
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()`  function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:42.709Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"
        },
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-gj3f-p326-gh8r",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31460",
    "datePublished": "2024-05-13T15:14:38.689Z",
    "dateReserved": "2024-04-03T17:55:32.647Z",
    "dateUpdated": "2025-02-13T17:47:57.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25641 (GCVE-0-2024-25641)

Vulnerability from cvelistv5

Published

2024-05-13 13:28

Modified

2025-02-13 17:40

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Summary

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
	http://seclists.org/fulldisclosure/2024/May/6

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:the_cacti_group:cacti:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "the_cacti_group",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25641",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T04:00:38.811632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:30:27.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:44:09.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88"
          },
          {
            "name": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/May/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the \"Package Import\" feature, allows authenticated users having the \"Import Templates\" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:27.195Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88"
        },
        {
          "name": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/May/6"
        }
      ],
      "source": {
        "advisory": "GHSA-7cmj-g5qc-pj88",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti RCE vulnerability when importing packages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-25641",
    "datePublished": "2024-05-13T13:28:58.808Z",
    "dateReserved": "2024-02-08T22:26:33.514Z",
    "dateUpdated": "2025-02-13T17:40:51.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34340 (GCVE-0-2024-34340)

Vulnerability from cvelistv5

Published

2024-05-13 15:26

Modified

2025-02-13 17:52

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-287 - Improper Authentication
CWE-697 - Incorrect Comparison

Summary

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:11.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34340",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:13:47.563016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T20:47:27.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP \u003c 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-697",
              "description": "CWE-697: Incorrect Comparison",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:41.115Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-37x7-mfjv-mm7m",
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass when using using older password hashes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34340",
    "datePublished": "2024-05-13T15:26:32.364Z",
    "dateReserved": "2024-05-02T06:36:32.436Z",
    "dateUpdated": "2025-02-13T17:52:28.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29894 (GCVE-0-2024-29894)

Vulnerability from cvelistv5

Published

2024-05-13 14:24

Modified

2025-02-13 17:47

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE

CWE-116 - Improper Encoding or Escaping of Output
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:24:33.915547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:59.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:58.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh"
          },
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:25.526Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh"
        },
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-grj5-8fcj-34gh",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29894",
    "datePublished": "2024-05-13T14:24:32.871Z",
    "dateReserved": "2024-03-21T15:12:08.998Z",
    "dateUpdated": "2025-02-13T17:47:43.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31458 (GCVE-0-2024-31458)

Vulnerability from cvelistv5

Published

2024-05-13 15:07

Modified

2025-02-13 17:47

Severity ?

4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Summary

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31458",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:19:29.133180Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:26.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:57.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:30.739Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-jrxg-8wh8-943x",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31458",
    "datePublished": "2024-05-13T15:07:08.051Z",
    "dateReserved": "2024-04-03T17:55:32.647Z",
    "dateUpdated": "2025-02-13T17:47:56.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31459 (GCVE-0-2024-31459)

Vulnerability from cvelistv5

Published

2024-05-13 15:11

Modified

2025-02-13 17:47

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Summary

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r	x_refsource_MISC
	https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31459",
                "options": [
                  {
                    "Exploitation": "PoC"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T04:00:41.024822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:02.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:57.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"
          },
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"
          },
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:23.721Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv"
        },
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r"
        },
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-cx8g-hvq8-p2rv",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti RCE vulnerability by file include in lib/plugin.php"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31459",
    "datePublished": "2024-05-13T15:11:37.909Z",
    "dateReserved": "2024-04-03T17:55:32.647Z",
    "dateUpdated": "2025-02-13T17:47:56.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31443 (GCVE-0-2024-31443)

Vulnerability from cvelistv5

Published

2024-05-13 15:01

Modified

2025-02-13 17:47

Severity ?

5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:21:18.416166Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:10.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:56.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3"
          },
          {
            "name": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:28.946Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3"
        },
        {
          "name": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-rqc8-78cm-85j3",
        "discovery": "UNKNOWN"
      },
      "title": "Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31443",
    "datePublished": "2024-05-13T15:01:44.324Z",
    "dateReserved": "2024-04-03T17:55:32.645Z",
    "dateUpdated": "2025-02-13T17:47:54.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31445 (GCVE-0-2024-31445)

Vulnerability from cvelistv5

Published

2024-05-13 15:05

Modified

2025-02-13 17:47

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Summary

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.

References

►

URL

Tags

	https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc	x_refsource_CONFIRM
	https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886	x_refsource_MISC
	https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717	x_refsource_MISC
	https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Impacted products

	Vendor	Product	Version
	Cacti	cacti	Version: < 1.2.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.27",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31445",
                "options": [
                  {
                    "Exploitation": "PoC"
                  },
                  {
                    "Automatable": "Yes"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T04:00:40.261346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:36:44.004Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:56.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc"
          },
          {
            "name": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886"
          },
          {
            "name": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717"
          },
          {
            "name": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var(\u0027filter\u0027)` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `\u0027filter\u0027` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:09:37.555Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc"
        },
        {
          "name": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886"
        },
        {
          "name": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717"
        },
        {
          "name": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"
        }
      ],
      "source": {
        "advisory": "GHSA-vjph-r677-6pcc",
        "discovery": "UNKNOWN"
      },
      "title": "SQL Injection vulnerability in automation_get_new_graphs_sql"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31445",
    "datePublished": "2024-05-13T15:05:56.662Z",
    "dateReserved": "2024-04-03T17:55:32.645Z",
    "dateUpdated": "2025-02-13T17:47:55.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:13962-1

Vulnerability from csaf_opensuse

CVE-2024-27082 (GCVE-0-2024-27082)

Vulnerability from cvelistv5

CVE-2024-31444 (GCVE-0-2024-31444)

Vulnerability from cvelistv5

CVE-2024-31460 (GCVE-0-2024-31460)

Vulnerability from cvelistv5

CVE-2024-25641 (GCVE-0-2024-25641)

Vulnerability from cvelistv5

CVE-2024-34340 (GCVE-0-2024-34340)

Vulnerability from cvelistv5

CVE-2024-29894 (GCVE-0-2024-29894)

Vulnerability from cvelistv5

CVE-2024-31458 (GCVE-0-2024-31458)

Vulnerability from cvelistv5

CVE-2024-31459 (GCVE-0-2024-31459)

Vulnerability from cvelistv5

CVE-2024-31443 (GCVE-0-2024-31443)

Vulnerability from cvelistv5

CVE-2024-31445 (GCVE-0-2024-31445)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature