CVE-2024-45598

CVE-2024-45598

Name

CVE-2024-45598

Description

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae
security-advisories@github.com	https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

Type

URI

security-advisories@github.com

https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae

security-advisories@github.com

https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:cacti:cacti::::::::`	cacti	>= None	< 1.2.29

CPE URI

Source package

Min version

Max version

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

cacti

>= None

< 1.2.29

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
cacti	edge-community	1.2.29-r0	None	fixed
cacti	edge-community	1.2.28-r1	None	possibly vulnerable
cacti	edge-community	1.2.28-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.27-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.26-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.25-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.20-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.17-r0	Jeff Bilyk <jbilyk@gmail.com>	possibly vulnerable
cacti	edge-community	1.2.13-r0	None	possibly vulnerable
cacti	edge-community	1.2.8-r0	None	possibly vulnerable
cacti	3.22-community	1.2.29-r0	None	fixed
cacti	3.22-community	1.2.28-r0	None	possibly vulnerable
cacti	3.22-community	1.2.27-r0	None	possibly vulnerable
cacti	3.22-community	1.2.26-r0	None	possibly vulnerable
cacti	3.22-community	1.2.25-r0	None	possibly vulnerable
cacti	3.22-community	1.2.20-r0	None	possibly vulnerable
cacti	3.22-community	1.2.17-r0	None	possibly vulnerable
cacti	3.22-community	1.2.13-r0	None	possibly vulnerable
cacti	3.22-community	1.2.8-r0	None	possibly vulnerable
cacti	3.21-community	1.2.29-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages