usn-5214-1
Vulnerability from osv_ubuntu
Published
2022-06-09 09:14
Modified
2026-06-25 10:46
Summary
cacti vulnerabilities
Details

It was discovered that Cacti was incorrectly validating permissions for user accounts that had been recently disabled. An authenticated attacker could possibly use this to obtain unauthorized access to application and system data. (CVE-2020-13230)

It was discovered that Cacti was incorrectly performing authorization checks in auth_profile.php. A remote unauthenticated attacker could use this to perform a CSRF attack and set a new admin email or make other changes. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13231)

It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the color.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14295)

It was discovered that Cacti did not properly escape file input fields when performing template import operations for various themes. An authenticated attacker could use this to perform XSS attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14424)

It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the data_debug.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35701)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-13230",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "cacti",
            "binary_version": "0.8.8f+ds1-4ubuntu4.16.04.2+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "cacti",
        "purl": "pkg:deb/ubuntu/cacti@0.8.8f+ds1-4ubuntu4.16.04.2+esm1?arch=source\u0026distro=esm-apps/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.8f+ds1-4ubuntu4.16.04.2+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.8.8f+ds1-2",
        "0.8.8f+ds1-3",
        "0.8.8f+ds1-4",
        "0.8.8f+ds1-4ubuntu1",
        "0.8.8f+ds1-4ubuntu2",
        "0.8.8f+ds1-4ubuntu3",
        "0.8.8f+ds1-4ubuntu4",
        "0.8.8f+ds1-4ubuntu4.16.04",
        "0.8.8f+ds1-4ubuntu4.16.04.1",
        "0.8.8f+ds1-4ubuntu4.16.04.2"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-13230",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-13231",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-14295",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-14424",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "cacti",
            "binary_version": "1.1.38+ds1-1ubuntu0.1~esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "cacti",
        "purl": "pkg:deb/ubuntu/cacti@1.1.38+ds1-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.38+ds1-1ubuntu0.1~esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.1.18+ds1-1",
        "1.1.27+ds1-2",
        "1.1.27+ds1-3",
        "1.1.28+ds1-2",
        "1.1.35+ds1-1",
        "1.1.36+ds1-1",
        "1.1.38+ds1-1"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-13230",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-13231",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-14295",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-14424",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-35701",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "cacti",
            "binary_version": "1.2.10+ds1-1ubuntu1+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:20.04:LTS",
        "name": "cacti",
        "purl": "pkg:deb/ubuntu/cacti@1.2.10+ds1-1ubuntu1+esm1?arch=source\u0026distro=esm-apps/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.10+ds1-1ubuntu1+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.2.4+ds1-2ubuntu3",
        "1.2.9+ds1-1ubuntu1",
        "1.2.9+ds1-1ubuntu2",
        "1.2.10+ds1-1ubuntu1"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that Cacti was incorrectly validating permissions\nfor user accounts that had been recently disabled. An authenticated\nattacker could possibly use this to obtain unauthorized access to\napplication and system data. (CVE-2020-13230)\n\nIt was discovered that Cacti was incorrectly performing authorization\nchecks in auth_profile.php. A remote unauthenticated attacker could\nuse this to perform a CSRF attack and set a new admin email or make\nother changes. This issue only affected Ubuntu 18.04 ESM and\nUbuntu 20.04 ESM. (CVE-2020-13231)\n\nIt was discovered that Cacti incorrectly handled user provided input\nsent through request parameters to the color.php script. A remote\nauthenticated attacker could use this issue to perform SQL injection\nattacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.\n(CVE-2020-14295)\n\nIt was discovered that Cacti did not properly escape file input fields\nwhen performing template import operations for various themes. An\nauthenticated attacker could use this to perform XSS attacks. This issue\nonly affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14424)\n\nIt was discovered that Cacti incorrectly handled user provided input\nsent through request parameters to the data_debug.php script. A remote\nauthenticated attacker could use this issue to perform SQL injection\nattacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35701)\n",
  "id": "USN-5214-1",
  "modified": "2026-06-25T10:46:03Z",
  "published": "2022-06-09T09:14:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-5214-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-13230"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-13231"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-14295"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-14424"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-35701"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "cacti vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2020-13230",
    "UBUNTU-CVE-2020-13231",
    "UBUNTU-CVE-2020-14295",
    "UBUNTU-CVE-2020-14424",
    "UBUNTU-CVE-2020-35701"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…