Bug 1163749 - (CVE-2020-7106) VUL-0: CVE-2020-7106: cacti: Lack of escaping on some pages can lead to XSS exposure
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Andreas Stieger
QA Contact: Security Team bot
Reported: 2020-02-15 18:49 UTC by Andreas Stieger
Modified: 2020-05-24 18:56 UTC (History)

Description Andreas Stieger 2020-02-15 18:49:39 UTC
Fixed in cacti 1.2.9:
 security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
Comment 1 Swamp Workflow Management 2020-02-15 19:30:58 UTC
This is an autogenerated message for OBS integration:
This bug (1163749) was mentioned in
https://build.opensuse.org/request/show/774590 15.1 / cacti+cacti-spine
Comment 2 Swamp Workflow Management 2020-03-01 20:15:25 UTC
openSUSE-SU-2020:0272-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749
CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237
Sources used:
openSUSE Leap 15.1 (src):    cacti-1.2.9-lp151.3.3.1, cacti-spine-1.2.9-lp151.3.3.1
Comment 3 Swamp Workflow Management 2020-03-02 17:40:48 UTC
openSUSE-SU-2020:0284-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1082318,1101024,1101139,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1163749
CVE References: CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237
Sources used:
openSUSE Backports SLE-15-SP1 (src):    cacti-1.2.9-bp151.4.3.1, cacti-spine-1.2.9-bp151.4.3.1
Comment 4 Andreas Stieger 2020-04-11 13:26:46 UTC
done
Comment 5 Andreas Stieger 2020-05-07 09:39:24 UTC
https://www.cacti.net/changelog.php

Changelog
1.2.12
 
security#3467: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)
Comment 7 Andreas Stieger 2020-05-24 18:56:33 UTC
done