UBUNTU-CVE-2024-31460

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-31460

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-31460.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-31460

Related

Published

2024-05-14T15:25:00Z

Modified

2024-05-14T15:25:00Z

Summary

[none]

Details

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.

References

Affected packages

Ubuntu:Pro:18.04:LTS / cacti

Package

Name: cacti
Purl: pkg:deb/ubuntu/cacti?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.38+ds1-1ubuntu0.1~esm3

Affected versions

1.*

1.1.18+ds1-1

1.1.27+ds1-2

1.1.27+ds1-3

1.1.28+ds1-2

1.1.35+ds1-1

1.1.36+ds1-1

1.1.38+ds1-1

1.1.38+ds1-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.38+ds1-1ubuntu0.1~esm3",
            "binary_name": "cacti"
        }
    ]
}

Ubuntu:20.04:LTS / cacti

Package

Name: cacti
Purl: pkg:deb/ubuntu/cacti?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.10+ds1-1ubuntu1.1

Affected versions

1.*

1.2.4+ds1-2ubuntu3

1.2.9+ds1-1ubuntu1

1.2.9+ds1-1ubuntu2

1.2.10+ds1-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.2.10+ds1-1ubuntu1.1",
            "binary_name": "cacti"
        }
    ]
}

Ubuntu:22.04:LTS / cacti

Package

Name: cacti
Purl: pkg:deb/ubuntu/cacti?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.19+ds1-2ubuntu1.1

Affected versions

1.*

1.2.16+ds1-2ubuntu1

1.2.19+ds1-2ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.2.19+ds1-2ubuntu1.1",
            "binary_name": "cacti"
        }
    ]
}

Ubuntu:24.04:LTS / cacti

Package

Name: cacti
Purl: pkg:deb/ubuntu/cacti?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.26+ds1-1ubuntu0.1

Affected versions

1.*

1.2.25+ds1-2

1.2.26+ds1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.2.26+ds1-1ubuntu0.1",
            "binary_name": "cacti"
        }
    ]
}