Package cacti updated to version 1.2.18-alt1 for branch sisyphus in task 279428.

Published: 2021-11-14
Modified: 2024-11-21

CVE-2020-14424

Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

https://bugzilla.redhat.com/show_bug.cgi?id=2001016
https://bugzilla.redhat.com/show_bug.cgi?id=2001016
https://github.com/Cacti/cacti/pull/4261
https://github.com/Cacti/cacti/pull/4261

Published: 2021-01-11
Modified: 2024-11-21

CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/
https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/
https://github.com/Cacti/cacti/issues/4022
https://github.com/Cacti/cacti/issues/4022
FEDORA-2021-598b6d2924
FEDORA-2021-598b6d2924
FEDORA-2021-0e0fd08e44
FEDORA-2021-0e0fd08e44
FEDORA-2021-6dfba2aabf
FEDORA-2021-6dfba2aabf
GLSA-202101-31
GLSA-202101-31

Version: 2.1.0

Package cacti update in sisyphus on 2021-07-17

ALT-PU-2021-2264-1

Closed vulnerabilities

CVE-2020-14424

CVE-2020-35701