Bugzilla – Bug 1169215
VUL-0: cacti: CVE-2020-13230,CVE-2020-13231: multiple vulnerabilities fixed and security hardening applied in 1.2.11
Last modified: 2020-05-24 19:01:12 UTC
From https://www.cacti.net/changelog.php

security#1566: Add SameSite support for cookies
https://github.com/Cacti/cacti/issues/1566
hardening against cookie theft

security#1985: Cookie should be properly verified against password
https://github.com/Cacti/cacti/issues/1985
If the password has been verified and the "Save password" option ticked during login, a cookie is created which links to the username. However, if the password is changed, the cookie will still be valid, thus allowing someone who had stored the password access when they should not have.

security#3342: CSRF at Admin Email
https://github.com/Cacti/cacti/issues/3342
A malformed GET request at http://192.168.56.106/cacti/auth_profile.php?action=edit can lead to an admin email change.

security#3343: Improper Access Control on disabling a user
https://github.com/Cacti/cacti/issues/3343
The Cacti admin console provides a function to disable a created user, which removes their privileges to perform any action, but if a page is auto-refreshed a disabled user can still view updated data.

security#3414: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
https://github.com/Cacti/cacti/issues/3414
jQuery versions below 3.4 have an XSS vulnerability.
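The "Save password" cookie issue (security#1985), the disabled-user issue (security#3343) and the SameSite hardening (security#1566) share one defensive pattern: bind the remember-me cookie to the current password hash, re-check account state on every request, and set the cookie with SameSite/HttpOnly. The Python below is an added illustration of that pattern, not Cacti's own (PHP) code; the user store, SERVER_KEY and cookie name are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real deployment loads it from protected config.
SERVER_KEY = b"constructed-demo-server-key"

# Constructed in-memory user store: username -> salt, password hash, enabled flag.
USERS = {}

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[username] = {"salt": salt, "pw_hash": _hash_password(password, salt), "enabled": True}

def change_password(username: str, new_password: str) -> None:
    # New salt and hash: every cookie bound to the old hash stops verifying.
    salt = secrets.token_bytes(16)
    USERS[username].update(salt=salt, pw_hash=_hash_password(new_password, salt))

def set_user_enabled(username: str, enabled: bool) -> None:
    USERS[username]["enabled"] = enabled

def _cookie_mac(username: str, pw_hash: bytes, nonce: str) -> str:
    # The MAC covers the password hash, so it only verifies while that hash is current.
    msg = b"\0".join([username.encode(), pw_hash, nonce.encode()])
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_remember_cookie(username: str) -> str:
    nonce = secrets.token_hex(16)
    return f"{username}:{nonce}:{_cookie_mac(username, USERS[username]['pw_hash'], nonce)}"

def set_cookie_header(value: str) -> str:
    # SameSite keeps the cookie off cross-site requests; HttpOnly keeps it away from scripts.
    return f"Set-Cookie: cacti_remember={value}; Path=/; Secure; HttpOnly; SameSite=Strict"

def user_from_cookie(cookie: str):
    try:
        username, nonce, mac = cookie.rsplit(":", 2)
    except ValueError:
        return None
    user = USERS.get(username)
    # Re-check account state on every request, not only at login (security#3343).
    if user is None or not user["enabled"]:
        return None
    # Recompute against the *current* password hash; a cookie from before a change fails.
    expected = _cookie_mac(username, user["pw_hash"], nonce)
    return username if hmac.compare_digest(expected, mac) else None
```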
submitted for the maintainers (no single clear maintainer)
This is an autogenerated message for OBS integration: This bug (1169215) was mentioned in https://build.opensuse.org/request/show/793099 15.1+Backports:SLE-12 / cacti+cacti-spine
openSUSE-SU-2020:0558-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1082318,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1164675,1169215 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237,CVE-2020-8813 Sources used: SUSE Package Hub for SUSE Linux Enterprise 12 (src): cacti-1.2.11-5.1, cacti-spine-1.2.11-2.1
openSUSE-SU-2020:0558-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1082318,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1164675,1169215 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237,CVE-2020-8813 Sources used: openSUSE Leap 15.1 (src): cacti-1.2.11-lp151.3.6.1, cacti-spine-1.2.11-lp151.3.6.1 SUSE Package Hub for SUSE Linux Enterprise 12 (src): cacti-1.2.11-5.1, cacti-spine-1.2.11-2.1
openSUSE-SU-2020:0565-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1082318,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1164675,1169215 CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237,CVE-2020-8813 Sources used: openSUSE Backports SLE-15-SP1 (src): cacti-1.2.11-bp151.4.6.1, cacti-spine-1.2.11-bp151.4.6.1
Done
*** Bug 1171986 has been marked as a duplicate of this bug. ***
*** Bug 1171987 has been marked as a duplicate of this bug. ***
CVE assigned after our update:

CVE-2020-13230: In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

CVE-2020-13231: In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.