CVE-2024-29894

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.
Configurations

No configuration.

History

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh - () https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh -
References () https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 - () https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
Summary
  • (es) Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Las versiones de Cacti anteriores a la 1.2.27 contienen una vulnerabilidad residual de Cross Site Scripting causada por una solución incompleta para CVE-2023-50250. `raise_message_javascript` de `lib/functions.php` ahora usa purify.js para corregir CVE-2023-50250 (entre otros). Sin embargo, todavía genera el código a partir de las variables PHP sin escape `$title` y `$header`. Si esas variables contienen comillas simples, se pueden usar para inyectar código JavaScript. Un atacante que aproveche esta vulnerabilidad podría ejecutar acciones en nombre de otros usuarios. Esta capacidad de hacerse pasar por usuarios podría dar lugar a cambios no autorizados en la configuración. La versión 1.2.27 soluciona este problema.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -

14 May 2024, 15:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 15:17

Updated : 2024-11-21 09:08


NVD link : CVE-2024-29894

Mitre link : CVE-2024-29894

CVE.ORG link : CVE-2024-29894


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116

Improper Encoding or Escaping of Output