[ALPINE:CVE-2023-39358] cacti vulnerability

Severity High

Affected Packages 8

Fixed Packages 8

CVEs 1

[From CVE-2023-39358] Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the reports_user.php file. In ajax_get_branches, the tree_id parameter is passed to the reports_get_branch_select function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Package	Affected Version
pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	< 1.2.25-r0

Package	Fixed Version
pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	= 1.2.25-r0

ID

ALPINE:CVE-2023-39358

Severity

high

Severity from

CVE-2023-39358

URL

https://security.alpinelinux.org/vuln/CVE-2023-39358

Published

2023-09-05T22:15:08
(12 months ago)

Modified

2023-09-05T22:15:08
(12 months ago)

Rights

Alpine Linux Security Team

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Fixed	pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	x86_64
Affected	pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	x86_64
Fixed	pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	x86
Affected	pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	x86
Fixed	pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	s390x
Affected	pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	s390x
Fixed	pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	riscv64
Affected	pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	riscv64
Fixed	pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	ppc64le
Affected	pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	ppc64le
Fixed	pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	armv7
Affected	pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	armv7
Fixed	pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	armhf
Affected	pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	armhf
Fixed	pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	aarch64
Affected	pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date