Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-0730 (GCVE-0-2022-0730)
Vulnerability from cvelistv5 – Published: 2022-03-03 00:00 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Summary
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Severity
9.8 (Critical)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/Cacti/cacti/issues/4562 | |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://www.debian.org/security/2022/dsa-5298 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"name": "FEDORA-2022-6a7e259e15",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
},
{
"name": "FEDORA-2022-e619e3d5d0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"name": "FEDORA-2022-70f5c7ff72",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"name": "DSA-5298",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5298"
},
{
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cati",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.2.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-31T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"name": "FEDORA-2022-6a7e259e15",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
},
{
"name": "FEDORA-2022-e619e3d5d0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"name": "FEDORA-2022-70f5c7ff72",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"name": "DSA-5298",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5298"
},
{
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0730",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-0730",
"date": "2026-07-14",
"epss": "0.03445",
"percentile": "0.87621"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-0730\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-03-03T23:15:08.253\",\"lastModified\":\"2026-06-17T04:21:08.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.\"},{\"lang\":\"es\",\"value\":\"Bajo determinadas condiciones de ldap, la autenticaci\u00f3n de Cacti puede ser omitida con determinados tipos de credenciales\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"Cati\",\"versions\":[{\"version\":\"1.2.19\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cacti:cacti:1.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4BB8CCB-5F52-4248-947C-3F4F1211EF53\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/Cacti/cacti/issues/4562\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5298\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/issues/4562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-11-21T16:00:57+00:00",
"cve": "CVE-2022-0730",
"id": "CVE-2022-0730",
"initial_release_date": "2022-02-21T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "cacti: Authentication bypass under certain LDAP server environments",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0730.json",
"version": "3"
}
}
}
Title
Cacti授权问题漏洞
Description
Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。
Cacti存在授权问题漏洞,攻击者可利用该漏洞使用某些凭据类型绕过Cacti身份验证。
Severity
中
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://github.com/Cacti/cacti/issues/4562
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-0730
Impacted products
| Name | Cacti Cacti |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-0730"
}
},
"description": "Cacti\u662fCacti\u56e2\u961f\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7f51\u7edc\u6d41\u91cf\u76d1\u6d4b\u548c\u5206\u6790\u5de5\u5177\u3002\u8be5\u5de5\u5177\u901a\u8fc7snmpget\u6765\u83b7\u53d6\u6570\u636e\uff0c\u4f7f\u7528RRDtool\u7ed8\u753b\u56fe\u5f62\u8fdb\u884c\u5206\u6790\uff0c\u5e76\u63d0\u4f9b\u6570\u636e\u548c\u7528\u6237\u7ba1\u7406\u529f\u80fd\u3002\n\nCacti\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u67d0\u4e9b\u51ed\u636e\u7c7b\u578b\u7ed5\u8fc7Cacti\u8eab\u4efd\u9a8c\u8bc1\u3002",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/Cacti/cacti/issues/4562",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-23467",
"openTime": "2022-03-29",
"products": {
"product": "Cacti Cacti"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-0730",
"serverity": "\u4e2d",
"submitTime": "2022-03-04",
"title": "Cacti\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}
FKIE_CVE-2022-0730
Vulnerability from fkie_nvd - Published: 2022-03-03 23:15 - Updated: 2026-06-17 04:21
Severity
Summary
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cacti | cacti | 1.2.19 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{
"affected": [
{
"affectedData": [
{
"product": "Cati",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.2.19"
}
]
}
],
"source": "secalert@redhat.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cacti:cacti:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BB8CCB-5F52-4248-947C-3F4F1211EF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types."
},
{
"lang": "es",
"value": "Bajo determinadas condiciones de ldap, la autenticaci\u00f3n de Cacti puede ser omitida con determinados tipos de credenciales"
}
],
"id": "CVE-2022-0730",
"lastModified": "2026-06-17T04:21:08.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-03T23:15:08.253",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5298"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-6G5W-JMG4-8QXF
Vulnerability from github – Published: 2022-03-05 00:00 – Updated: 2022-03-17 00:03
VLAI
Details
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-0730"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-03T23:15:00Z",
"severity": "CRITICAL"
},
"details": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.",
"id": "GHSA-6g5w-jmg4-8qxf",
"modified": "2022-03-17T00:03:37Z",
"published": "2022-03-05T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0730"
},
{
"type": "WEB",
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5298"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-0730
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-0730",
"description": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.",
"id": "GSD-2022-0730",
"references": [
"https://www.suse.com/security/cve/CVE-2022-0730.html",
"https://alas.aws.amazon.com/cve/html/CVE-2022-0730.html",
"https://www.debian.org/security/2022/dsa-5298"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-0730"
],
"details": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.",
"id": "GSD-2022-0730",
"modified": "2023-12-13T01:19:11.789739Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cati",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2.19"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-287",
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/issues/4562",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
},
{
"name": "https://www.debian.org/security/2022/dsa-5298",
"refsource": "MISC",
"url": "https://www.debian.org/security/2022/dsa-5298"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cacti:cacti:1.2.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0730"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/issues/4562",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/Cacti/cacti/issues/4562"
},
{
"name": "[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"name": "DSA-5298",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5298"
},
{
"name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3252-1] cacti security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-12T22:15Z",
"publishedDate": "2022-03-03T23:15Z"
}
}
}
OPENSUSE-SU-2022:0145-1
Vulnerability from csaf_opensuse - Published: 2022-05-24 08:17 - Updated: 2022-05-24 08:17Summary
Security update for cacti, cacti-spine
Severity
Moderate
Notes
Title of the patch: Security update for cacti, cacti-spine
Description of the patch: This update for cacti, cacti-spine fixes the following issues:
cacti-spine was updated to 1.2.20:
* Add support for newer versions of MySQL/MariaDB
* When checking for uptime of device, don't assume a non-response
is always fatal
* Fix description and command trunctation issues
* Improve spine performance when only one snmp agent port is in
use
cacti-spine 1.2.19:
* Fix 1ssues with polling loop may skip some datasources
* Fix ping no longer works due to hostname changes
* Fix RRD steps are not always calculated correctly
* Fix unable to build when DES no longer supported
* Fix IPv6 devices are not properly parsed
* Reduce a number of compiler warnings
* Fix compiler warnings due to lack of return in thread_mutex_trylock
* Fix Spine will not look at non-timetics uptime when sysUpTimeInstance overflows
* Improve performance of Cacti poller on heavily loaded systems
cacti-spine 1.2.20:
* Add support for newer versions of MySQL/MariaDB
* When checking for uptime of device, don't assume a non-response
is always fatal
* Fix description and command trunctation issues
* Improve spine performance when only one snmp agent port is in
use
cacti was updated to 1.2.20:
* Security fix for CVE-2022-0730, boo#1196692
Under certain ldap conditions, Cacti authentication can be
bypassed with certain credential types.
* Security fix: Device, Graph, Graph Template,
and Graph Items may be vulnerable to XSS issues
* Security fix: Lockout policies are not properly applied to LDAP
and Domain Users
* Security fix: When using 'remember me' option, incorrect realm
may be selected
* Security fix: User and Group maintenance are vulnerable to SQL attacks
* Security fix: Color Templates are vulnerable to XSS attack
* Features:
* When creating a Data Source Profile, allow additional choices for Heartbeat
* Change select all options to use Font Awesome icons
* Improve spine performance by storing the total number of system snmp_ports in use
* Prevent Template User Accounts from being Removed
* When managing by users, allow filtering by Realm
* Allow plugins to supply template account names
* When viewing logs, additional message types should be filterable
* When creating a Graph Template Item, allow filtering by Data Template
* Allow language handler to be selected via UI
* Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco
* Add Advanced Ping Graph Template to initial Installable templates
* Add LDAP Debug Mode option
* Allow Reports to include devices not on a Tree
* Allow Basic Authentication to display custom failure message
* Fix: When replicating data during installation/upgrade,
system may appear to hang
* Fix: Graph Template Items may have duplicated entries
* Fix: Unable to Save Graph Settings
* Fix: Script Server may crash if an OID is missing or unavailable
* Fix: When system-wide polling is disabled,
remote pollers may fail to sync changed settings
* Fix: When updating poller name, duplicate name protection may be over zealous
* Fix: Titles may show 'Missing Datasource' incorectly
* Fix: Checking for MIB Cache can cause crashes
* Fix: Polling cycles may not always complete as expected
* Fix: When viewing graph data, non-numeric values may appear
* Fix: Utilities view has calculation errors when there are no data sources
* Fix: When editing Reports, drag and drop may not function as intended
* Fix: When data drive is full, viewing a Graph can result in errors
* Various other bug fixes
cacti 1.2.19:
* Further fixes for grave character security protection (boo#1192408)
* Fix Over aggressive escaping causing menu visibility issues on Create Device page
* Add SHA256 and AES256 security levels for SNMP polling
* Import graph template(Preview Only) show color_id new value as a blank area
* Fix Editing graphs errors due to missing sequence
* Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen
* Fix 2hen RealTime is not active, console errors may appear
* Fix race conditions may occur when multiple RRDtool processes are running
* Fix errors creating graphs from templates
* Fix errors when duplicating reports
* Fix Boost may be blocked by overflowing poller_output table
* Fix Template import may be blocked due to unmet dependency warnings with snmp ports
* Fix Newer MySQL versions may error if committing a transaction when not in one
* Fix SNMP Agent may not find a cache item
* Fix Correct issues running under PHP 8.x
* Fix When polling is disabled, boost may crash and creates many arch tables
* Fix When poller runs, memory tables may not always be present
* Fix Timezones may sometimes be incorrectly calculated
* Fix Allow monitoring IPv6 with interface graphs
* Fix When a data source uses a Data Input Method, those without a mapping should be flagged
* Fix When RRDfile is not yet created, errors may appear when displaying the graph
* Fix Cacti missing key indexes that result in Preset pages slowdowns
* Fix Data Sources page shows no name when Data Source has no name cache
* Fix db_update_table function can not alter table from signed to unsigned
* Fix data remains in poller_output table even if it's flushed to rrd files
* Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places
* Fix Offset is a reserved word in MariaDB 10.6 affecting Report
* Fix Rendering large trees slowed due to lack of permission caching
* Fix Error on interpretation of snmpUtime, when to big
* Fix Applying right axis formatting creates an error-image
* Fix Unable to Save Graph Settings from the Graphs pages
* Fix Graph Template Cache is nullified too often when Graph Automation is running
* Fix When Adding a Data Query to a Device, no Progress Spinner is shown
* Fix New Browser Breaks Plugins that depend on non UTC date time data
* Fix errors when testing remote poller connectivity
* Fix errors when renaming poller
* Fix Removing spikes by Variance does not appear to be working beyond the first RRA
* Fix LDAP API lacks timeout options leading to bad login experiences
* Add a normal/wrap class for general use
* Limit File Types available for Template Import operations
* Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication
* Support Stronger Encryption Available Starting in Net-SNMP v5.8
* Allow Cacti to use multiple possible LDAP servers
* Add a 15 minute polling/sampling interval
* Provide additional admin email notifications
* Add warnings for undesired changes to plugin hook return values
* When creating a Graph, make testing the Data Sources optional by Template
* Update phpseclib to 2.0.33
* Update jstree.js to 3.3.12
* Improve performance of Cacti poller on heavily loaded systems
* MariaDB recommendations need some tuning for recent updates
Patchnames: openSUSE-2022-145
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:cacti-1.2.20-bp153.2.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:cacti-1.2.20-bp153.2.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cacti-1.2.20-bp153.2.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cacti, cacti-spine",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cacti, cacti-spine fixes the following issues:\n\ncacti-spine was updated to 1.2.20:\n\n * Add support for newer versions of MySQL/MariaDB\n * When checking for uptime of device, don\u0027t assume a non-response\n is always fatal\n * Fix description and command trunctation issues\n * Improve spine performance when only one snmp agent port is in\n use\n\ncacti-spine 1.2.19:\n\n * Fix 1ssues with polling loop may skip some datasources\n * Fix ping no longer works due to hostname changes\n * Fix RRD steps are not always calculated correctly\n * Fix unable to build when DES no longer supported\n * Fix IPv6 devices are not properly parsed\n * Reduce a number of compiler warnings\n * Fix compiler warnings due to lack of return in thread_mutex_trylock\n * Fix Spine will not look at non-timetics uptime when sysUpTimeInstance overflows\n * Improve performance of Cacti poller on heavily loaded systems\n\ncacti-spine 1.2.20:\n\n * Add support for newer versions of MySQL/MariaDB\n * When checking for uptime of device, don\u0027t assume a non-response\n is always fatal\n * Fix description and command trunctation issues\n * Improve spine performance when only one snmp agent port is in\n use\n\ncacti was updated to 1.2.20:\n\n * Security fix for CVE-2022-0730, boo#1196692\n Under certain ldap conditions, Cacti authentication can be\n bypassed with certain credential types.\n * Security fix: Device, Graph, Graph Template,\n and Graph Items may be vulnerable to XSS issues\n * Security fix: Lockout policies are not properly applied to LDAP\n and Domain Users\n * Security fix: When using \u0027remember me\u0027 option, incorrect realm\n may be selected\n * Security fix: User and Group maintenance are vulnerable to SQL attacks\n * Security fix: Color Templates are vulnerable to XSS attack\n * Features:\n * When creating a Data Source Profile, allow additional choices for Heartbeat\n * Change select all options to use Font Awesome icons\n * Improve spine performance by storing the total number of system snmp_ports in use\n * Prevent Template User Accounts from being Removed\n * When managing by users, allow filtering by Realm\n * Allow plugins to supply template account names\n * When viewing logs, additional message types should be filterable\n * When creating a Graph Template Item, allow filtering by Data Template\n * Allow language handler to be selected via UI\n * Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco\n * Add Advanced Ping Graph Template to initial Installable templates\n * Add LDAP Debug Mode option\n * Allow Reports to include devices not on a Tree\n * Allow Basic Authentication to display custom failure message\n * Fix: When replicating data during installation/upgrade,\n system may appear to hang\n * Fix: Graph Template Items may have duplicated entries\n * Fix: Unable to Save Graph Settings\n * Fix: Script Server may crash if an OID is missing or unavailable\n * Fix: When system-wide polling is disabled,\n remote pollers may fail to sync changed settings\n * Fix: When updating poller name, duplicate name protection may be over zealous\n * Fix: Titles may show \u0027Missing Datasource\u0027 incorectly\n * Fix: Checking for MIB Cache can cause crashes\n * Fix: Polling cycles may not always complete as expected\n * Fix: When viewing graph data, non-numeric values may appear\n * Fix: Utilities view has calculation errors when there are no data sources\n * Fix: When editing Reports, drag and drop may not function as intended\n * Fix: When data drive is full, viewing a Graph can result in errors\n * Various other bug fixes\n\ncacti 1.2.19:\n\n * Further fixes for grave character security protection (boo#1192408)\n * Fix Over aggressive escaping causing menu visibility issues on Create Device page\n * Add SHA256 and AES256 security levels for SNMP polling\n * Import graph template(Preview Only) show color_id new value as a blank area\n * Fix Editing graphs errors due to missing sequence\n * Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen\n * Fix 2hen RealTime is not active, console errors may appear\n * Fix race conditions may occur when multiple RRDtool processes are running\n * Fix errors creating graphs from templates\n * Fix errors when duplicating reports\n * Fix Boost may be blocked by overflowing poller_output table\n * Fix Template import may be blocked due to unmet dependency warnings with snmp ports\n * Fix Newer MySQL versions may error if committing a transaction when not in one\n * Fix SNMP Agent may not find a cache item\n * Fix Correct issues running under PHP 8.x\n * Fix When polling is disabled, boost may crash and creates many arch tables\n * Fix When poller runs, memory tables may not always be present\n * Fix Timezones may sometimes be incorrectly calculated\n * Fix Allow monitoring IPv6 with interface graphs\n * Fix When a data source uses a Data Input Method, those without a mapping should be flagged\n * Fix When RRDfile is not yet created, errors may appear when displaying the graph\n * Fix Cacti missing key indexes that result in Preset pages slowdowns\n * Fix Data Sources page shows no name when Data Source has no name cache\n * Fix db_update_table function can not alter table from signed to unsigned\n * Fix data remains in poller_output table even if it\u0027s flushed to rrd files\n * Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places\n * Fix Offset is a reserved word in MariaDB 10.6 affecting Report\n * Fix Rendering large trees slowed due to lack of permission caching\n * Fix Error on interpretation of snmpUtime, when to big\n * Fix Applying right axis formatting creates an error-image\n * Fix Unable to Save Graph Settings from the Graphs pages\n * Fix Graph Template Cache is nullified too often when Graph Automation is running\n * Fix When Adding a Data Query to a Device, no Progress Spinner is shown\n * Fix New Browser Breaks Plugins that depend on non UTC date time data\n * Fix errors when testing remote poller connectivity\n * Fix errors when renaming poller\n * Fix Removing spikes by Variance does not appear to be working beyond the first RRA\n * Fix LDAP API lacks timeout options leading to bad login experiences\n * Add a normal/wrap class for general use\n * Limit File Types available for Template Import operations\n * Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication\n * Support Stronger Encryption Available Starting in Net-SNMP v5.8\n * Allow Cacti to use multiple possible LDAP servers\n * Add a 15 minute polling/sampling interval\n * Provide additional admin email notifications\n * Add warnings for undesired changes to plugin hook return values\n * When creating a Graph, make testing the Data Sources optional by Template\n * Update phpseclib to 2.0.33\n * Update jstree.js to 3.3.12\n * Improve performance of Cacti poller on heavily loaded systems\n * MariaDB recommendations need some tuning for recent updates\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-145",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0145-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0145-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZEKTX6LOHELIEEVJYSONO5MX6DZOZIA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0145-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZEKTX6LOHELIEEVJYSONO5MX6DZOZIA/"
},
{
"category": "self",
"summary": "SUSE Bug 1192408",
"url": "https://bugzilla.suse.com/1192408"
},
{
"category": "self",
"summary": "SUSE Bug 1196692",
"url": "https://bugzilla.suse.com/1196692"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0730 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0730/"
}
],
"title": "Security update for cacti, cacti-spine",
"tracking": {
"current_release_date": "2022-05-24T08:17:34Z",
"generator": {
"date": "2022-05-24T08:17:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0145-1",
"initial_release_date": "2022-05-24T08:17:34Z",
"revision_history": [
{
"date": "2022-05-24T08:17:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"product": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"product_id": "cacti-spine-1.2.20-bp153.2.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.20-bp153.2.9.1.i586",
"product": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.i586",
"product_id": "cacti-spine-1.2.20-bp153.2.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.20-bp153.2.9.1.noarch",
"product": {
"name": "cacti-1.2.20-bp153.2.9.1.noarch",
"product_id": "cacti-1.2.20-bp153.2.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"product": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"product_id": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.20-bp153.2.9.1.s390x",
"product": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.s390x",
"product_id": "cacti-spine-1.2.20-bp153.2.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"product": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"product_id": "cacti-spine-1.2.20-bp153.2.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.20-bp153.2.9.1.noarch as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-1.2.20-bp153.2.9.1.noarch"
},
"product_reference": "cacti-1.2.20-bp153.2.9.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.aarch64"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.i586 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.i586"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.i586",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.s390x"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.x86_64"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.20-bp153.2.9.1.noarch as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:cacti-1.2.20-bp153.2.9.1.noarch"
},
"product_reference": "cacti-1.2.20-bp153.2.9.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.aarch64"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.i586"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.s390x"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.x86_64"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.20-bp153.2.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cacti-1.2.20-bp153.2.9.1.noarch"
},
"product_reference": "cacti-1.2.20-bp153.2.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.aarch64"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.i586"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.s390x"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-spine-1.2.20-bp153.2.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.x86_64"
},
"product_reference": "cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0730"
}
],
"notes": [
{
"category": "general",
"text": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:cacti-1.2.20-bp153.2.9.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.i586",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"SUSE Package Hub 15 SP3:cacti-1.2.20-bp153.2.9.1.noarch",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.i586",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"openSUSE Leap 15.3:cacti-1.2.20-bp153.2.9.1.noarch",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.i586",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0730",
"url": "https://www.suse.com/security/cve/CVE-2022-0730"
},
{
"category": "external",
"summary": "SUSE Bug 1196692 for CVE-2022-0730",
"url": "https://bugzilla.suse.com/1196692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:cacti-1.2.20-bp153.2.9.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.i586",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"SUSE Package Hub 15 SP3:cacti-1.2.20-bp153.2.9.1.noarch",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.i586",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"openSUSE Leap 15.3:cacti-1.2.20-bp153.2.9.1.noarch",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.i586",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12:cacti-1.2.20-bp153.2.9.1.noarch",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.i586",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"SUSE Package Hub 12:cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"SUSE Package Hub 15 SP3:cacti-1.2.20-bp153.2.9.1.noarch",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.i586",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"SUSE Package Hub 15 SP3:cacti-spine-1.2.20-bp153.2.9.1.x86_64",
"openSUSE Leap 15.3:cacti-1.2.20-bp153.2.9.1.noarch",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.aarch64",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.i586",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.ppc64le",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.s390x",
"openSUSE Leap 15.3:cacti-spine-1.2.20-bp153.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-24T08:17:34Z",
"details": "critical"
}
],
"title": "CVE-2022-0730"
}
]
}
OPENSUSE-SU-2024:12016-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
cacti-1.2.20-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: cacti-1.2.20-1.1 on GA media
Description of the patch: These are all security issues fixed in the cacti-1.2.20-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12016
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.20-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.20-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.20-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cacti-1.2.20-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cacti-1.2.20-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cacti-1.2.20-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12016",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12016-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0730 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0730/"
}
],
"title": "cacti-1.2.20-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12016-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.20-1.1.aarch64",
"product": {
"name": "cacti-1.2.20-1.1.aarch64",
"product_id": "cacti-1.2.20-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.20-1.1.ppc64le",
"product": {
"name": "cacti-1.2.20-1.1.ppc64le",
"product_id": "cacti-1.2.20-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.20-1.1.s390x",
"product": {
"name": "cacti-1.2.20-1.1.s390x",
"product_id": "cacti-1.2.20-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cacti-1.2.20-1.1.x86_64",
"product": {
"name": "cacti-1.2.20-1.1.x86_64",
"product_id": "cacti-1.2.20-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.20-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.20-1.1.aarch64"
},
"product_reference": "cacti-1.2.20-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.20-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.20-1.1.ppc64le"
},
"product_reference": "cacti-1.2.20-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.20-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.20-1.1.s390x"
},
"product_reference": "cacti-1.2.20-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cacti-1.2.20-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cacti-1.2.20-1.1.x86_64"
},
"product_reference": "cacti-1.2.20-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0730"
}
],
"notes": [
{
"category": "general",
"text": "Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cacti-1.2.20-1.1.aarch64",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.s390x",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0730",
"url": "https://www.suse.com/security/cve/CVE-2022-0730"
},
{
"category": "external",
"summary": "SUSE Bug 1196692 for CVE-2022-0730",
"url": "https://bugzilla.suse.com/1196692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cacti-1.2.20-1.1.aarch64",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.s390x",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cacti-1.2.20-1.1.aarch64",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.ppc64le",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.s390x",
"openSUSE Tumbleweed:cacti-1.2.20-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-0730"
}
]
}
WID-SEC-W-2022-1580
Vulnerability from csaf_certbund - Published: 2022-02-22 23:00 - Updated: 2024-12-08 23:00Summary
Cacti: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Cacti ist ein grafisches Frontend zur Visualisierung von statistischen Daten, erfasst durch die Round Robin Database rrdtool.
Angriff: Ein Angreifer kann eine Schwachstelle in Cacti ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
Es existiert eine Schwachstelle in Cacti. Die Schwachstelle wird nicht im Detail beschrieben. Ein Angreifer kann unter bestimmten Bedingungen Sicherheitsvorkehrungen (Authentisierung) umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source Cacti <1.2.20
Open Source / Cacti
|
<1.2.20 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Cacti ist ein grafisches Frontend zur Visualisierung von statistischen Daten, erfasst durch die Round Robin Database rrdtool.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann eine Schwachstelle in Cacti ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1580 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1580.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1580 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1580"
},
{
"category": "external",
"summary": "Red Hat Bugzilla - Bug 2057106 vom 2022-02-22",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057106"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2965 vom 2022-03-29",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1634 vom 2022-09-29",
"url": "https://alas.aws.amazon.com/ALAS-2022-1634.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3252 vom 2022-12-31",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-02 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-02"
}
],
"source_lang": "en-US",
"title": "Cacti: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-12-08T23:00:00.000+00:00",
"generator": {
"date": "2024-12-09T09:22:03.168+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2022-1580",
"initial_release_date": "2022-02-22T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-02-22T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-03-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-09-29T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-01-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.2.20",
"product": {
"name": "Open Source Cacti \u003c1.2.20",
"product_id": "T022141"
}
},
{
"category": "product_version",
"name": "1.2.20",
"product": {
"name": "Open Source Cacti 1.2.20",
"product_id": "T022141-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cacti:cacti:1.2.20"
}
}
}
],
"category": "product_name",
"name": "Cacti"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0730",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Cacti. Die Schwachstelle wird nicht im Detail beschrieben. Ein Angreifer kann unter bestimmten Bedingungen Sicherheitsvorkehrungen (Authentisierung) umgehen."
}
],
"product_status": {
"known_affected": [
"2951",
"398363",
"T012167",
"T022141"
]
},
"release_date": "2022-02-22T23:00:00.000+00:00",
"title": "CVE-2022-0730"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…