ALT Linux Team

Package cacti update in sisyphus on 2020-11-23

ALT-PU-2020-3394-1

Package cacti updated to version 1.2.15-alt1 for branch sisyphus in task 262335.

Closed vulnerabilities

Published: 2020-05-20
Modified: 2024-11-21

CVE-2020-13230

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2020-05-20
Modified: 2024-11-21

CVE-2020-13231

In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top