In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cacti | < 1.2.7+ds1-1 | cacti_1.2.7+ds1-1_all.deb |
Debian | 11 | all | cacti | < 1.2.7+ds1-1 | cacti_1.2.7+ds1-1_all.deb |
Debian | 10 | all | cacti | < 1.2.2+ds1-2+deb10u2 | cacti_1.2.2+ds1-2+deb10u2_all.deb |
Debian | 999 | all | cacti | < 1.2.7+ds1-1 | cacti_1.2.7+ds1-1_all.deb |
Debian | 13 | all | cacti | < 1.2.7+ds1-1 | cacti_1.2.7+ds1-1_all.deb |