CVE-2024-31444
Published: 14 May 2024
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cacti
Launchpad, Ubuntu, Debian |
bionic |
Released
(1.1.38+ds1-1ubuntu0.1~esm3)
Available with Ubuntu Pro |
| focal |
Released
(1.2.10+ds1-1ubuntu1.1)
|
|
| jammy |
Released
(1.2.19+ds1-2ubuntu1.1)
|
|
| mantic |
Ignored
(end of life, was needs-triage)
|
|
| noble |
Released
(1.2.26+ds1-1ubuntu0.1)
|
|
| trusty |
Released
(0.8.8b+dfsg-5ubuntu0.2+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Needs triage
|
|
| xenial |
Released
(0.8.8f+ds1-4ubuntu4.16.04.2+esm2)
Available with Ubuntu Pro |