ELA-588-1 cacti security update

multiple vulnerabilities

2022-03-29
Packagecacti
Version0.8.8b+dfsg-8+deb8u10
Related CVEs CVE-2018-10060 CVE-2018-10061 CVE-2020-13230 CVE-2020-23226 CVE-2021-23225 CVE-2022-0730

Multiple vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems, leading to authentication bypass and cross-site scripting (XSS). An attacker may get access to unauthorized areas and impersonate other users, under certain conditions.

Additionally, follow-up fixes were included for CVE-2019-11025 (DLA-1757-1) and CVE-2020-7106 (DLA-2069-1).

For Debian 8 jessie, these problems have been fixed in version 0.8.8b+dfsg-8+deb8u10.

We recommend that you upgrade your cacti packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/