[Bug 1164675] VUL-0: CVE-2020-8813: cacti: remote attackers may execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege

30 Apr 2020


      http://bugzilla.suse.com/show_bug.cgi?id=1164675
http://bugzilla.suse.com/show_bug.cgi?id=1164675#c4

--- Comment #4 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2020:0565-1: An update that fixes 11 vulnerabilities is now
available.

Category: security (important)
Bug References:
1082318,1122242,1122243,1122244,1122245,1122535,1158990,1158992,1161297,1164675,1169215
CVE References:
CVE-2009-4112,CVE-2018-20723,CVE-2018-20724,CVE-2018-20725,CVE-2018-20726,CVE-2019-16723,CVE-2019-17357,CVE-2019-17358,CVE-2020-7106,CVE-2020-7237,CVE-2020-8813
Sources used:
openSUSE Backports SLE-15-SP1 (src):    cacti-1.2.11-bp151.4.6.1,
cacti-spine-1.2.11-bp151.4.6.1

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1164675] VUL-0: CVE-2020-8813: cacti: remote attackers may execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege

bugzilla_noreply＠novell.com