CVE-2024-29894

{"id": "CVE-2024-29894", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T15:17:14.577", "references": [{"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh", "source": "security-advisories@github.com"}, {"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-116"}, {"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue."}, {"lang": "es", "value": "Cacti proporciona un framework de monitoreo operativo y gesti\u00f3n de fallas. Las versiones de Cacti anteriores a la 1.2.27 contienen una vulnerabilidad residual de Cross Site Scripting causada por una soluci\u00f3n incompleta para CVE-2023-50250. `raise_message_javascript` de `lib/functions.php` ahora usa purify.js para corregir CVE-2023-50250 (entre otros). Sin embargo, todav\u00eda genera el c\u00f3digo a partir de las variables PHP sin escape `$title` y `$header`. Si esas variables contienen comillas simples, se pueden usar para inyectar c\u00f3digo JavaScript. Un atacante que aproveche esta vulnerabilidad podr\u00eda ejecutar acciones en nombre de otros usuarios. Esta capacidad de hacerse pasar por usuarios podr\u00eda dar lugar a cambios no autorizados en la configuraci\u00f3n. La versi\u00f3n 1.2.27 soluciona este problema."}], "lastModified": "2024-06-10T17:16:24.880", "sourceIdentifier": "security-advisories@github.com"}