Source: cacti Version: 1.2.19+ds1-2 Severity: important Tags: security upstream Forwarded: https://github.com/Cacti/cacti/issues/4562 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for cacti. CVE-2022-0730[0]: | Under certain ldap conditions, Cacti authentication can be bypassed | with certain credential types. It will be fixed in 1.2.20 presumably according to the available information. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-0730 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730 [1] https://github.com/Cacti/cacti/issues/4562 Please adjust the affected versions in the BTS as needed. Regards, Salvatore