[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-43363 and CVE-2025-24367

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 9 13:53:58 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
019af0d2 by Salvatore Bonaccorso at 2025-02-09T14:53:40+01:00
Update status for CVE-2024-43363 and CVE-2025-24367

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2873,9 +2873,10 @@ CVE-2025-24368 (Cacti is an open source performance and fault management framewo
 	NOTE: Frontend regression: https://github.com/Cacti/cacti/issues/6090
 	NOTE: Frontend fix optional: https://github.com/Cacti/cacti/pull/6094#issuecomment-2643321503
 CVE-2025-24367 (Cacti is an open source performance and fault management framework. An ...)
-	- cacti 1.2.28+ds1-4 (bug #1094574)
+	- cacti 1.2.28+ds1-4 (bug #1094574; unimportant)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
+	NOTE: Negligible security impact as exploitability depends on writable web root for cacto
 CVE-2025-24365 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
 	- vaultwarden <itp> (bug #1067023)
 CVE-2025-24364 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
@@ -36339,9 +36340,10 @@ CVE-2024-43364 (Cacti is an open source performance and fault management framewo
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 (release/1.2.28)
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 (release/1.2.28)
 CVE-2024-43363 (Cacti is an open source performance and fault management framework. An ...)
-	- cacti 1.2.28+ds1-1
+	- cacti 1.2.28+ds1-1 (unimportant)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/3adc71a2b97506bf26c21935e1e6f30d58fe88e3 (release/1.2.28)
+	NOTE: Negligible security impact as exploitability depends on writable web root for cacto
 CVE-2024-43362 (Cacti is an open source performance and fault management framework. Th ...)
 	- cacti 1.2.28+ds1-1
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/019af0d262f1398798d02ab6c077526e31fd4faf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/019af0d262f1398798d02ab6c077526e31fd4faf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250209/1a472dfc/attachment.htm>

More information about the debian-security-tracker-commits mailing list