CVE-2024-45598

Name: CVE-2024-45598

Description: Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter, either in Installation Step 5 or in the Configuration->Settings->Paths tab, to point to a local file on the server. Going to the Logs tab and selecting the name of that local file then shows its content in the web UI. This vulnerability is fixed in 1.2.29.

NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| security-advisories@github.com | https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae |
| security-advisories@github.com | https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* | cacti | >= None | < 1.2.29 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| cacti | edge-community | 1.2.29-r0 | None | fixed |
| cacti | 3.21-community | 1.2.29-r0 | None | fixed |