Описание
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.1.18+ds1-1 |
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | released | 0.8.8f+ds1-4ubuntu4.16.04.2 |
| esm-infra-legacy/trusty | released | 0.8.8b+dfsg-5ubuntu0.2 |
| precise/esm | DNE | |
| trusty | released | 0.8.8b+dfsg-5ubuntu0.2 |
| trusty/esm | released | 0.8.8b+dfsg-5ubuntu0.2 |
Показывать по
Ссылки на источники
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
6.5 Medium
CVSS2
8.8 High
CVSS3