[Git][security-tracker-team/security-tracker][master] CVE-2021-23225/cacti: precisions
Sylvain Beucler (@beuc)
beuc at debian.org
Sat Mar 26 18:42:58 GMT 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3023859a by Sylvain Beucler at 2022-03-26T19:34:40+01:00
CVE-2021-23225/cacti: precisions
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30149,6 +30149,8 @@ CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management per
- cacti 1.2.1+ds1-1
[stretch] - cacti <postponed> (Minor issue; stored XSS requires prior admin access)
NOTE: https://github.com/Cacti/cacti/issues/1882
+ NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above is from 2018) which refactors user_admin.php XSS protection
+ NOTE: input (not output) validation not addressed, malicious username still can be created after fix
CVE-2022-0005
RESERVED
CVE-2022-0004
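Review bot: The two added NOTE lines leave it unclear which fix they refer to. In the first, "which refactors user_admin.php XSS protection" attaches grammatically to CVE-2020-7106 rather than to a specific upstream change, and no commit or URL is cited next to the existing issue link. In the second, "after fix" could mean the fix shipped in 1.2.1+ds1-1 or the refactoring tracked under CVE-2020-7106. Suggest naming the fix explicitly and adding a NOTE with the upstream reference for the refactoring, so the statement that a malicious username can still be created can be checked against a specific version, and so the "Minor issue" rationale on the stretch line can be re-evaluated against it.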
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3023859aedf896aeaedcf297b7fe4fa453db9599