Bug 1188188 - (CVE-2020-14424) VUL-0: CVE-2020-14424: cacti: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme
(CVE-2020-14424)
VUL-0: CVE-2020-14424: cacti: Lack of escaping on template import can lead to...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.3
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-07-10 06:44 UTC by Andreas Stieger
Modified: 2021-11-06 16:11 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2021-07-10 06:44:30 UTC
Fixed in cacti 1.2.18:
Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme

https://github.com/Cacti/cacti/pull/4261
Comment 1 Andreas Stieger 2021-08-21 08:20:16 UTC
submitted
Comment 2 OBSbugzilla Bot 2021-08-21 08:50:05 UTC
This is an autogenerated message for OBS integration:
This bug (1188188) was mentioned in
https://build.opensuse.org/request/show/913438 Factory / cacti
https://build.opensuse.org/request/show/913440 15.2+Backports:SLE-12+Backports:SLE-15-SP3 / cacti+cacti-spine
Comment 3 Swamp Workflow Management 2021-08-25 19:17:09 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:1190-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1188188
CVE References: CVE-2020-14424
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    cacti-1.2.18-lp152.2.15.1, cacti-spine-1.2.18-lp152.2.12.1
openSUSE Backports SLE-15-SP3 (src):    cacti-1.2.18-bp153.2.3.1, cacti-spine-1.2.18-bp153.2.3.1
Comment 4 Swamp Workflow Management 2021-08-25 19:29:13 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:1190-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1188188
CVE References: CVE-2020-14424
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    cacti-1.2.18-lp152.2.15.1, cacti-spine-1.2.18-lp152.2.12.1
openSUSE Backports SLE-15-SP3 (src):    cacti-1.2.18-bp153.2.3.1, cacti-spine-1.2.18-bp153.2.3.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    cacti-1.2.18-23.1, cacti-spine-1.2.18-17.1
Comment 5 Swamp Workflow Management 2021-08-29 01:16:53 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:1208-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1188188
CVE References: CVE-2020-14424
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    cacti-1.2.18-bp152.2.13.1, cacti-spine-1.2.18-bp152.2.10.1
Comment 6 Andreas Stieger 2021-11-06 16:11:47 UTC
done