[ALPINE:CVE-2023-39365] cacti vulnerability

Severity Medium

Affected Packages 8

Fixed Packages 8

CVEs 1

[From CVE-2023-39365] Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Package	Affected Version
pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	< 1.2.25-r0
pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	< 1.2.25-r0

Package	Fixed Version
pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	= 1.2.25-r0
pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	= 1.2.25-r0

ID

ALPINE:CVE-2023-39365

Severity

medium

Severity from

CVE-2023-39365

URL

https://security.alpinelinux.org/vuln/CVE-2023-39365

Published

2023-09-05T22:15:09
(12 months ago)

Modified

2023-09-05T22:15:09
(12 months ago)

Rights

Alpine Linux Security Team

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Fixed	pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	x86_64
Affected	pkg:apk/alpine/cacti?arch=x86_64&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	x86_64
Fixed	pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	x86
Affected	pkg:apk/alpine/cacti?arch=x86&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	x86
Fixed	pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	s390x
Affected	pkg:apk/alpine/cacti?arch=s390x&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	s390x
Fixed	pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	riscv64
Affected	pkg:apk/alpine/cacti?arch=riscv64&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	riscv64
Fixed	pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	ppc64le
Affected	pkg:apk/alpine/cacti?arch=ppc64le&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	ppc64le
Fixed	pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	armv7
Affected	pkg:apk/alpine/cacti?arch=armv7&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	armv7
Fixed	pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	armhf
Affected	pkg:apk/alpine/cacti?arch=armhf&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	armhf
Fixed	pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	alpine	cacti	= 1.2.25-r0	alpine-edge	aarch64
Affected	pkg:apk/alpine/cacti?arch=aarch64&distro=alpine-edge	alpine	cacti	< 1.2.25-r0	alpine-edge	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date