Debian Patches
Status for cacti/1.2.24+ds1-1+deb12u5
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2023-39360.patch | [PATCH] QA: Different approach to XSS issue | TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa | 2023-08-04 | |
| CVE-2023-39513.patch | [PATCH] Fixing #5324 - Over Escaping Debug log This is an issue between releases due to escaping log entries in the wrong location in the security fix. This change resolves that issue. Reindex device from GUI - debug info broken due to over escaping |
TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 | 2023-06-04 | |
| CVE-2023-49088,50250,50569.patch | [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and CVE-2023-48086 Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x and here: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr |
TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643 | 2023-12-28 | |
| 0027-1-2-CVE-2024-29894-Merge-pull-request-from-GHSA-grj5.patch | [1/2] CVE-2024-29894 Merge pull request from GHSA-grj5-8fcj-34gh Cacti contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. [Summary] CVE-2023-50250, fixed in 1.2.26, can still be triggered with a non-empty file named "');alert(1);('".xml. [Details] raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250 (among others). However it still generates the code out of unescaped PHP variables $title and $header. If those variables contain single quotes, they can be used to inject JavaScript code. |
Beuc <beuc@beuc.net> | yes | upstream | https://github.com/Cacti/cacti/commit/9c75f8da5b609d17c8c031fd46362f730358b792 | 2024-04-07 |
| 0029-CVE-2024-31443-Merge-pull-request-from-GHSA-rqc8-78c.patch | CVE-2024-31443: Merge pull request from GHSA-rqc8-78cm-85j3 some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. |
TheWitness <thewitness@cacti.net> | no | 2024-04-07 | ||
| 0030-CVE-2024-31444-GHSA-p4ch-7hjw-6m87-XSS-vulnerability.patch | CVE-2024-31444 GHSA-p4ch-7hjw-6m87 XSS vulnerability when reading tree rules with Automation API some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue. |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/86d614c38c54e0ce58774d86617ecfbb853fb57b | 2024-04-09 |
| 0031-CVE-2024-31445-GHSA-vjph-r677-6pcc-SQL-injection-vul.patch | CVE-2024-31445 GHSA-vjph-r677-6pcc SQL injection vulnerability A SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886 | 2024-04-07 |
| 0032-CVE-2024-31458-GHSA-jrxg-8wh8-943x-SQL-injection.patch | CVE-2024-31458 GHSA-jrxg-8wh8-943x SQL injection some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/9e87882007b6091171d1a4786f0de4ae20efef7b | 2024-04-07 |
| 0033-CVE-2024-31459-GHSA-cx8g-hvq8-p2rv-remote-code-execu.patch | CVE-2024-31459 GHSA-cx8g-hvq8-p2rv remote code execution There is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, RCE can be implemented. |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/96d9a4c60693d87ba0e347f1c7d33047b4effc61 | 2024-04-07 |
| CVE-2025-22604_pre1.patch | prepare fix for CVE-2025-22604 IPv6 Colon format fixes |
xmacan <petr.macek@kostax.cz> | yes | upstream | https://patch-diff.githubusercontent.com/raw/Cacti/cacti/pull/5875.patch | 2024-10-19 |
| perl-path.patch | Debian has perl on the path =================================================================== |
Paul Gevers <elbrus@debian.org> | not-needed | |||
| CVE-2023-39362_2.patch | [PATCH] QA: On command injection | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| 0001-Fixing-5318-Additional-XSS-in-Cacti.patch | [PATCH] Fixing #5318 - Additional XSS in Cacti | TheWitness <thewitness@cacti.net> | no | 2023-06-19 | ||
| CVE-2024-43362.patch | CVE-2024-43362 | TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/3f64e7c1a63e36d0e826c34f05ad20b6683b27ff | 2024-08-04 |
| 0026-CVE-2024-25641-Merge-pull-request-from-GHSA-7cmj-g5q.patch | CVE-2024-25641: Merge pull request from GHSA-7cmj-g5qc-pj88 * QA: Fixing Package Import CVE For now, we will only accept the Cacti public keys until such time as we are a registered CNA and have the ability to verify third parties or we make other arrangements. * QA: The keys in our package have trailing spaces [description] Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. |
Petr Macek <petr.macek@kostax.cz> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210 | 2024-04-07 |
| 0035-CVE-2024-34340-GHSA-37x7-mfjv-mm7m-type-juggling-vul.patch | CVE-2024-34340 GHSA-37x7-mfjv-mm7m type juggling vulnerability Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability [backport] Drop changelog and french translation update |
TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/6183961089980322dfd9fd8011ade0f41703eaea | 2024-05-07 |
| CVE-2023-39364.patch | [PATCH] Correct issue with Hijacking Reference URL | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2024-43364-2.patch | CVE-2024-43364 [2/2] Fixing minor security issue |
TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/059d107fade96cde3743f1e2d444ce52beb92321 | 2024-08-04 |
| 0036-CVE-2024-27082.patch | CVE-2024-27082 In this report, I have identified a security vulnerability in the Cacti web system that enables malicious actors to exploit it. This type of vulnerability falls under the category of Stored XSS. Stored XSS is one of the fundamental aspects of information security, and vulnerabilities in this area can lead to unauthorized access to sensitive information or critical resources Cookie. This vulnerability is associated with the Stored XSS process in the system. When a user logs in with high-level permissions,It has the ability to implement XSS Stored vulnerability and can exploit this vulnerability. |
=?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org> | yes | upstream | https://github.com/Cacti/cacti/commit/593ca99b7716acdaa6f6149b89662de9312376ef | 2024-09-08 |
| CVE-2023-39365.patch | [PATCH] Fixing #5348 - Issues with Regular Expression searches in Cacti Unchecked Regular expressions can lead to privilege escalation and data leakage |
TheWitness <thewitness@cacti.net> | no | 2023-06-04 | ||
| enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch | Upstream embeds jquery-ui.css, but we want to use the system version of that file. To honor cacti's changes to jquery-ui.css, the delta is added as an overload in main.css instead. =================================================================== |
Paul Gevers <elbrus@debian.org> | yes | upstream | ||
| CVE-2023-39361.patch | [PATCH] QA: Additional REGEXP and RLIKE changes | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39362_1.patch | [PATCH] Addressing some potential command level injections | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| 0001-Fixing-5318-Multiple-minor-stored-XSS-vulnerabilitie.patch | [PATCH] Fixing #5318 - Multiple minor stored XSS vulnerabilities | TheWitness <thewitness@cacti.net> | no | 2023-04-29 | ||
| CVE-2023-49085.patch | [PATCH] QA: Increase Cacti Security in four areas | TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 | 2023-11-18 | |
| CVE-2023-49086.patch | [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and CVE-2023-48086 Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x and here: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr |
TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 | 2023-12-28 | |
| 0028-2-2-CVE-2024-29894-GHSA-grj5-8fcj-34gh-follow-up-fix.patch | [2/2] CVE-2024-29894 GHSA-grj5-8fcj-34gh follow-up fix (#5751) Not sure how this was lost during the back&forth during the GHSA process but we missed escaping the 3rd parameter of raise_message_javascript(). |
Beuc <beuc@beuc.net> | yes | upstream | https://github.com/Cacti/cacti/pull/5751/commits/7c60ef33e2a87b3047d66f651d7a2a096d108e58 | 2024-05-18 |
| 0034-CVE-2024-31460-GHSA-gj3f-p326-gh8r-SQL-injection.patch | CVE-2024-31460 GHSA-gj3f-p326-gh8r SQL injection some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing |
TheWitness <thewitness@cacti.net> | yes | upstream | https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e | 2024-04-07 |
| CVE-2023-39359.patch | [PATCH] Fixing XSS in graphs.php | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2024-43364-1.patch | CVE-2024-43364 [1/2] | TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/e03f605dca8da56ecc7d321103a5842cd32007b0 | 2024-08-04 |
| CVE-2023-49084.patch | [PATCH] QA: Increase Cacti Security in four areas | TheWitness <thewitness@cacti.net> | no | https://github.com/cacti/cacti/commit/c3a647e9867ae8e2982e26342630ba9edb2d94b7 | 2023-11-18 | |
| CVE-2024-45598_to_CVE-2025-24368.patch | QA: 1.2.29 Security Updates (#6074) This fix CVE-2024-45598, CVE-2024-54145, CVE-2025-22604, CVE-2025-24367, CVE-2025-24368 bug-CVE-2024-45598: https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg bug-CVE-2024-54145: https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp bug-CVE-2025-22604: https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36 bug-CVE-2025-24367: https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq bug-CVE-2025-24368: https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c |
TheWitness <thewitness@cacti.net> | no | backport, https://github.com/Cacti/cacti/commit/94526a92b96c01848748602977819cd403932f0a | 2025-01-26 | |
| CVE-2024-43363.patch | CVE-2024-43363 Fixing a possible user directed RCE when installing Cacti [backport] set_install_config_option was introduced in https://github.com/Cacti/cacti/commit/5f78605e28a7a2a4fd4428934f73b207284d753b previously call set_config_option patch this function |
TheWitness <thewitness@cacti.net> | yes | upstream | backport, https://github.com/Cacti/cacti/commit/3adc71a2b97506bf26c21935e1e6f30d58fe88e3 | 2024-08-04 |
| font-awesome-path.patch | the file on Debian systems is named slightly different =================================================================== |
Paul Gevers <elbrus@debian.org> | no | |||
| dont-process-.github-in-docs.patch | =================================================================== | no | ||||
| adapt-check_all_pagest.sh-for-debian.patch | =================================================================== | no | ||||
| adapt-check_cli_version.sh-for-debian.patch | =================================================================== | no | ||||
| 07_cli-include-path.patch | Fix cli path =================================================================== |
Sean Finney <seanius@debian.org>, Slavko <linux@slavino.sk> | not-needed | debian | 2018-10-13 | |
| remove-external-images.patch | lintian detected privacy breach fix=================================================================== | Paul Gevers <elbrus@debian.org> | no | |||
| CVE-2023-39357.patch | [PATCH] Correct against possible SQL Injections | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39358_1.patch | [PATCH] Fixing another SQL Injection issue | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39358_2.patch | [PATCH] Minor update to SQL Injection fix | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2024-45598-fix.patch | QA: Additional change relative to GHSA-pv2c-97pp-vxwg Thanks to @TayfunYelim for identifying this. |
TheWitness <thewitness@cacti.net> | no | https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae | 2024-08-25 |
All known versions for source package 'cacti'
- 1.2.30+ds1-1 (trixie, forky, sid)
- 1.2.24+ds1-1+deb12u5 (bookworm, bookworm-security)