[Pkg-cacti-maint] Bug#1008693: cacti: CVE-2022-0730
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 30 20:16:21 BST 2022
Source: cacti
Version: 1.2.19+ds1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Cacti/cacti/issues/4562
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for cacti.
CVE-2022-0730[0]:
| Under certain ldap conditions, Cacti authentication can be bypassed
| with certain credential types.
It will be fixed in 1.2.20 presumably according to the available
information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0730
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
[1] https://github.com/Cacti/cacti/issues/4562
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore