Upstream information

CVE-2019-16723 at MITRE

Description

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1151788 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References

SUSE Package Hub for SUSE Linux Enterprise 12
  • cacti >= 1.2.11-5.1
  • cacti-spine >= 1.2.11-2.1
  • cacti-spine-debuginfo >= 1.2.11-2.1
  • cacti-spine-debugsource >= 1.2.11-2.1
  Patchnames: openSUSE-2020-558

openSUSE Leap 15.1
  • cacti >= 1.2.11-lp151.3.6.1
  • cacti-spine >= 1.2.11-lp151.3.6.1
  • cacti-spine-debuginfo >= 1.2.11-lp151.3.6.1
  • cacti-spine-debugsource >= 1.2.11-lp151.3.6.1
  Patchnames: openSUSE-2020-272, openSUSE-2020-558