CVE-2019-16723

Upstream information

CVE-2019-16723 at MITRE

Description

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1151788 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2020:0272-1, published Sun, 1 Mar 2020 21:14:07 +0100 (CET)
openSUSE-SU-2020:0284-1, published Mon, 2 Mar 2020 18:39:27 +0100 (CET)
openSUSE-SU-2020:0558-1, published Tue, 28 Apr 2020 00:13:39 +0200 (CEST)
openSUSE-SU-2020:0565-1, published Thu, 30 Apr 2020 21:22:17 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 12	`cacti >= 1.2.11-5.1` `cacti-spine >= 1.2.11-2.1`	Patchnames: openSUSE-2020-558
SUSE Package Hub 15 SP1	`cacti >= 1.2.11-bp151.4.6.1` `cacti-spine >= 1.2.11-bp151.4.6.1`	Patchnames: openSUSE-2020-284 openSUSE-2020-565
openSUSE Leap 15.1	`cacti >= 1.2.11-lp151.3.6.1` `cacti-spine >= 1.2.11-lp151.3.6.1`	Patchnames: openSUSE-2020-272 openSUSE-2020-558
openSUSE Tumbleweed	`cacti >= 1.2.18-1.2`	Patchnames: openSUSE Tumbleweed GA cacti-1.2.18-1.2

CVE-2019-16723

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Business-Critical Linux

Enterprise Container Management

Edge

Solutions

Industries

Support

Services

Resources

Partners

Communities

About