FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cacti -- Authenticated users may bypass authorization checks

Affected packages
cacti < 1.2.7

Details

VuXML ID ed18aa92-e4f4-11e9-b6fa-3085a9a95629
Discovery 2019-09-23
Entry 2019-10-02

The cacti developers reports:

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.

[source]

References

CVE Name CVE-2019-16723
URL https://github.com/Cacti/cacti/releases/tag/release%2F1.2.7

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.