Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3023859a by Sylvain Beucler at 2022-03-26T19:34:40+01:00
CVE-2021-23225/cacti: precisions

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30149,6 +30149,8 @@ CVE-2021-23225 (Cacti 1.1.38 allows authenticated users 
with User Management per
        - cacti 1.2.1+ds1-1
        [stretch] - cacti <postponed> (Minor issue; stored XSS requires prior 
admin access)
        NOTE: https://github.com/Cacti/cacti/issues/1882
+       NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above 
is from 2018) which refactors user_admin.php XSS protection
+       NOTE: input (not output) validation not addressed, malicious username 
still can be created after fix
 CVE-2022-0005
        RESERVED
 CVE-2022-0004
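
Review bot: The first added NOTE reads as though CVE-2020-7106 itself "refactors user_admin.php XSS protection"; wording such as "whose fix refactors user_admin.php XSS protection" would be clearer. Unlike the existing NOTE with the GitHub issue link, this line gives no URL for the change it relies on, so a reference would let readers verify the overlap. In the second added NOTE, "input (not output) validation not addressed" is hard to parse; something like "fix covers output escaping only; input validation not added, so a malicious username can still be created" states the same point unambiguously.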



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3023859aedf896aeaedcf297b7fe4fa453db9599
