1224237 – (CVE-2024-31445) VUL-0: CVE-2024-31445: cacti: SQL injection vulnerability when retrieving graphs using Automation API

Bug 1224237 (CVE-2024-31445) - VUL-0: CVE-2024-31445: cacti: SQL injection vulnerability when retrieving graphs using Automation API

Summary: VUL-0: CVE-2024-31445: cacti: SQL injection vulnerability when retrieving gra...

Status:	RESOLVED FIXED

Alias:	CVE-2024-31445

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 15.6
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/405129/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-14 18:22 UTC by SMASH SMASH
Modified:	2024-05-15 19:31 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-14 18:22:23 UTC

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31445
https://www.cve.org/CVERecord?id=CVE-2024-31445
https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc

Comment 2 OBSbugzilla Bot 2024-05-14 19:25:10 UTC

This is an autogenerated message for OBS integration:
This bug (1224237) was mentioned in
https://build.opensuse.org/request/show/1174071 Factory / cacti
https://build.opensuse.org/request/show/1174072 Backports:SLE-12+Backports:SLE-15-SP5 / cacti+cacti-spine

Comment 3 OBSbugzilla Bot 2024-05-14 20:55:09 UTC

This is an autogenerated message for OBS integration:
This bug (1224237) was mentioned in
https://build.opensuse.org/request/show/1174083 Backports:SLE-12+Backports:SLE-15-SP5 / cacti+cacti-spine

Comment 4 Andreas Stieger 2024-05-15 19:31:31 UTC

done