Upstream information
Description
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
SUSE Bugzilla entry: 1151788 [RESOLVED / FIXED] SUSE Security Advisories:- openSUSE-SU-2020:0272-1, published Sun, 1 Mar 2020 21:14:07 +0100 (CET)
- openSUSE-SU-2020:0284-1, published Mon, 2 Mar 2020 18:39:27 +0100 (CET)
- openSUSE-SU-2020:0558-1, published Tue, 28 Apr 2020 00:13:39 +0200 (CEST)
- openSUSE-SU-2020:0565-1, published Thu, 30 Apr 2020 21:22:17 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Package Hub 12 |
| Patchnames: openSUSE-2020-558 |
SUSE Package Hub 15 SP1 |
| Patchnames: openSUSE-2020-284 openSUSE-2020-565 |
openSUSE Leap 15.1 |
| Patchnames: openSUSE-2020-272 openSUSE-2020-558 |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA cacti-1.2.18-1.2 |