| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 07_cli-include-path.patch | Fix cli path =================================================================== |
Sean Finney <seanius@debian.org>, Slavko <linux@slavino.sk> | not-needed | debian | 2018-10-13 | |
| enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch | Upstream embeds jquery-ui.css, but we want to use the system version of that file. To honor cacti's changes to jquery-ui.css, the delta is added as an overload in main.css instead. =================================================================== |
Paul Gevers <elbrus@debian.org> | yes | upstream | ||
| perl-path.patch | Debian has perl on the path =================================================================== |
Paul Gevers <elbrus@debian.org> | not-needed | |||
| font-awesome-path.patch | the file on Debian systems is named slightly different =================================================================== |
Paul Gevers <elbrus@debian.org> | no | |||
| 0001-Fixing-Issue-4022.patch | [PATCH] Fixing Issue #4022 SQL Injection in data_debug.php |
TheWitness <thewitness@cacti.net> | no | 2020-12-24 | ||
| 0001-Fixing-Issue-4019.patch | [PATCH] Fixing Issue #4019 * In a recent audit of core Cacti code, there were a few stored XSS issues that can be exposed * Also removed a few spurious title_trims, that should no longer be a problem. |
TheWitness <thewitness@cacti.net> | no | 2020-12-23 | ||
| 1386bdbf7f845a32e24ac9415f3ebb7932e77fe7.patch | [PATCH] Fixing Issue #4562 - LDAP Authentication bypass issue Under certain LDAP server environments, cacti authentication can be bypassed |
TheWitness <thewitness@cacti.net> | no | 2022-02-21 | ||
| 8694bf28edad723585915a97b95fbf5b1816a02b.patch | [PATCH] Minor update to issue #4562 | TheWitness <thewitness@cacti.net> | no | 2022-02-21 | ||
| 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch | [PATCH] Merge pull request from GHSA-6p93-p743-35gf * Resolving CVE-2022-46169 * QA: Provide a restrictive option * QA: Further restrict allowed headers to those defined in config only |
Mark Brugnoli-Vinten <netniv@hotmail.com> | no | 2022-12-05 | ||
| CVE-2023-39357.patch | [PATCH] Correct against possible SQL Injections | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39359.patch | [PATCH] Fixing XSS in graphs.php | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39361.patch | [PATCH] QA: Additional REGEXP and RLIKE changes | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39362_1.patch | [PATCH] Addressing some potential command level injections | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39362_2.patch | [PATCH] QA: On command injection | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39364.patch | [PATCH] Correct issue with Hijacking Reference URL | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39365.patch | [PATCH] Fixing #5348 - Issues with Regular Expression searches in Cacti Unchecked Regular expressions can lead to privilege escalation and data leakage |
TheWitness <thewitness@cacti.net> | no | 2023-06-04 | ||
| 0001-Fixing-5318-Multiple-minor-stored-XSS-vulnerabilitie.patch | [PATCH] Fixing #5318 - Multiple minor stored XSS vulnerabilities | TheWitness <thewitness@cacti.net> | no | 2023-04-29 | ||
| CVE-2023-39360.patch | [PATCH] QA: Different approach to XSS issue | TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa | 2023-08-04 | |
| CVE-2023-39513.patch | [PATCH] Fixing #5324 - Over Escaping Debug log This is an issue between releases due to escaping log entries in the wrong location in the security fix. This change resolves that issue. Reindex device from GUI - debug info broken due to over escaping |
TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 | 2023-06-04 | |
| CVE-2023-49084.patch | [PATCH] QA: Increase Cacti Security in four areas | TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/c3a647e9867ae8e2982e26342630ba9edb2d94b7 | 2023-11-18 | |
| CVE-2023-49085.patch | [PATCH] QA: Increase Cacti Security in four areas | TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 | 2023-11-18 | |
| CVE-2023-49086.patch | [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and CVE-2023-48086 Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x and here: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr |
TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 | 2023-12-28 | |
| CVE-2023-49088.patch | [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and CVE-2023-48086 Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x and here: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr |
TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b | 2023-12-28 | |
| 0024-CVE-2022-41444-Cross-Site-Scripting-XSS-vulnerabilit.patch | CVE-2022-41444 Cross Site Scripting (XSS) vulnerability Cross Site Scripting (XSS) vulnerability via crafted POST request to graphs_new.php. |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/ccb8b62de0f27f59d5e6073c2ae577a9ca7adaf8 | 2022-06-18 |
| 0025-CVE-2024-25641-Merge-pull-request-from-GHSA-7cmj-g5q.patch | CVE-2024-25641: Merge pull request from GHSA-7cmj-g5qc-pj88 * QA: Fixing Package Import CVE For now, we will only accept the Cacti public keys until such time as we are a registered CNA and have the ability to verify third parties or we make other arrangements. * QA: The keys in our package have trailing spaces [description] Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. [backport] package_import.php does not exist in this version, so ignoring those changes |
Petr Macek <petr.macek@kostax.cz> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210 | 2024-04-07 |
| 0029-CVE-2024-31443-Merge-pull-request-from-GHSA-rqc8-78c.patch | CVE-2024-31443: Merge pull request from GHSA-rqc8-78cm-85j3 some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. |
TheWitness <thewitness@cacti.net> | no | 2024-04-07 | ||
| 0027-CVE-2024-31444-GHSA-p4ch-7hjw-6m87-XSS-vulnerability.patch | CVE-2024-31444 GHSA-p4ch-7hjw-6m87 XSS vulnerability when reading tree rules with Automation API some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. [backport] Minimal backport for this release |
TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/86d614c38c54e0ce58774d86617ecfbb853fb57b | 2024-04-09 |
| 0031-CVE-2024-31445-GHSA-vjph-r677-6pcc-SQL-injection-vul.patch | CVE-2024-31445 GHSA-vjph-r677-6pcc SQL injection vulnerability A SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886 | 2024-04-07 |
| 0029-CVE-2024-31458-GHSA-jrxg-8wh8-943x-SQL-injection.patch | CVE-2024-31458 GHSA-jrxg-8wh8-943x SQL injection some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. |
TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/9e87882007b6091171d1a4786f0de4ae20efef7b | 2024-04-07 |
| 0030-CVE-2024-31459-GHSA-cx8g-hvq8-p2rv-remote-code-execu.patch | CVE-2024-31459 GHSA-cx8g-hvq8-p2rv remote code execution There is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, RCE can be implemented. |
TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/96d9a4c60693d87ba0e347f1c7d33047b4effc61 | 2024-04-07 |
| 0034-CVE-2024-31460-GHSA-gj3f-p326-gh8r-SQL-injection.patch | CVE-2024-31460 GHSA-gj3f-p326-gh8r SQL injection some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e | 2024-04-07 |
| 0035-CVE-2024-34340-GHSA-37x7-mfjv-mm7m-type-juggling-vul.patch | CVE-2024-34340 GHSA-37x7-mfjv-mm7m type juggling vulnerability Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability [backport] Drop changelog and french translation update |
TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/6183961089980322dfd9fd8011ade0f41703eaea | 2024-05-07 |