USN-5214-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5214-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5214-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5214-1

Related

Published

2022-06-09T09:14:15.350841Z

Modified

2022-06-09T09:14:15.350841Z

Summary

cacti vulnerabilities

Details

It was discovered that Cacti was incorrectly validating permissions for user accounts that had been recently disabled. An authenticated attacker could possibly use this to obtain unauthorized access to application and system data. (CVE-2020-13230)

It was discovered that Cacti was incorrectly performing authorization checks in auth_profile.php. A remote unauthenticated attacker could use this to perform a CSRF attack and set a new admin email or make other changes. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13231)

It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the color.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14295)

It was discovered that Cacti did not properly escape file input fields when performing template import operations for various themes. An authenticated attacker could use this to perform XSS attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14424)

It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the data_debug.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35701)

References

Affected packages

Ubuntu:Pro:16.04:LTS / cacti

Package

Name: cacti
Purl: pkg:deb/ubuntu/cacti?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.8f+ds1-4ubuntu4.16.04.2+esm1

Affected versions

0.*

0.8.8f+ds1-2

0.8.8f+ds1-3

0.8.8f+ds1-4

0.8.8f+ds1-4ubuntu1

0.8.8f+ds1-4ubuntu2

0.8.8f+ds1-4ubuntu3

0.8.8f+ds1-4ubuntu4

0.8.8f+ds1-4ubuntu4.16.04

0.8.8f+ds1-4ubuntu4.16.04.1

0.8.8f+ds1-4ubuntu4.16.04.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.8.8f+ds1-4ubuntu4.16.04.2+esm1",
            "binary_name": "cacti"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / cacti

Package

Name: cacti
Purl: pkg:deb/ubuntu/cacti?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.38+ds1-1ubuntu0.1~esm1

Affected versions

1.*

1.1.18+ds1-1

1.1.27+ds1-2

1.1.27+ds1-3

1.1.28+ds1-2

1.1.35+ds1-1

1.1.36+ds1-1

1.1.38+ds1-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.1.38+ds1-1ubuntu0.1~esm1",
            "binary_name": "cacti"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / cacti

Package

Name: cacti
Purl: pkg:deb/ubuntu/cacti?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.10+ds1-1ubuntu1+esm1

Affected versions

1.*

1.2.4+ds1-2ubuntu3

1.2.9+ds1-1ubuntu1

1.2.9+ds1-1ubuntu2

1.2.10+ds1-1ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.2.10+ds1-1ubuntu1+esm1",
            "binary_name": "cacti"
        }
    ]
}