Upstream information
Description
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4 |
Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | Low |
Integrity Impact | None |
Availability Impact | None |
CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2020:0272-1, published Sun, 1 Mar 2020 21:14:07 +0100 (CET)
- openSUSE-SU-2020:0284-1, published Mon, 2 Mar 2020 18:39:27 +0100 (CET)
- openSUSE-SU-2020:0558-1, published Tue, 28 Apr 2020 00:13:39 +0200 (CEST)
- openSUSE-SU-2020:0565-1, published Thu, 30 Apr 2020 21:22:17 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Package Hub 12 |
| Patchnames: openSUSE-2020-558 |
SUSE Package Hub 15 SP1 |
| Patchnames: openSUSE-2020-284 openSUSE-2020-565 |
openSUSE Leap 15.1 |
| Patchnames: openSUSE-2020-272 openSUSE-2020-558 |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA cacti-1.2.18-1.2 |
SUSE Timeline for this CVE
CVE page created: Mon Sep 23 23:39:37 2019CVE page last modified: Wed Oct 26 22:07:25 2022