Описание
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-16723
- https://github.com/Cacti/cacti/issues/2964
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSCUUCKSYVZLN3PQE7NU76AFWUGT3E2D
EPSS
CVE ID
Связанные уязвимости
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
In Cacti through 1.2.6, authenticated users may bypass authorization c ...
Уязвимость функции local_graph_id системы мониторинга сервера Cacti, связанная с обходом авторизации посредством использования ключа, контролируемого пользователем, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS