FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- multiple vulnerabilities

Affected packages
cacti < 1.2.10

Details

VuXML ID e2b564fc-7462-11ea-af63-38d547003487
Discovery 2020-02-04
Entry 2020-04-02

The Cacti developers report:

When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813).

Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106).

Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237).

References

CVE Name CVE-2020-7106
CVE Name CVE-2020-7237
CVE Name CVE-2020-8813
FreeBSD PR ports/245198
URL https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10
URL https://nvd.nist.gov/vuln/detail/CVE-2020-7106
URL https://nvd.nist.gov/vuln/detail/CVE-2020-7237
URL https://nvd.nist.gov/vuln/detail/CVE-2020-8813