CVE-2024-27082

NameCVE-2024-27082
DescriptionCacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)jessie, jessie (lts)0.8.8b+dfsg-8+deb8u10vulnerable
stretch (security), stretch (lts), stretch0.8.8h+ds1-10+deb9u2vulnerable
buster (security), buster, buster (lts)1.2.2+ds1-2+deb10u6vulnerable
bullseye1.2.16+ds1-2+deb11u3fixed
bullseye (security)1.2.16+ds1-2+deb11u4fixed
bookworm1.2.24+ds1-1+deb12u4vulnerable
bookworm (security)1.2.24+ds1-1+deb12u2vulnerable
sid, trixie1.2.28+ds1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisourcejessie(unfixed)end-of-life
cactisourcestretch(unfixed)end-of-life
cactisourcebuster(unfixed)end-of-life
cactisourcebullseye(not affected)
cactisource(unstable)1.2.27+ds1-1

Notes

[bookworm] - cacti <no-dsa> (Minor issue)
[bullseye] - cacti <not-affected> (Vulnerable code not present)
GitHub GHSA: https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h
bug: https://github.com/Cacti/cacti/issues/5798
Commit [1/6] https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
Commit [2/6] https://github.com/Cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643
Commit [3/6] https://github.com/Cacti/cacti/commit/593ca99b7716acdaa6f6149b89662de9312376ef
Commit [4/6] https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b
Commit [5/6] https://github.com/Cacti/cacti/commit/9c75f8da5b609d17c8c031fd46362f730358b792
Commit [6/6] https://github.com/Cacti/cacti/commit/6a82fa1abe81d96238a87727087572ff749d0a8d
Main commit for CVE-2024-27082 is considered [3/6], the other commits are either related
as pre-requisites and relating to other present CVEs.

Search for package or bug name: Reporting problems