OPENSUSE-SU-2020:0272-1
Vulnerability Summary
Description
Security update for cacti, cacti-spine

This update for cacti, cacti-spine fixes the following issues:

cacti-spine was updated to version 1.2.9.

Security issues fixed:
- CVE-2009-4112: Fixed a privilege escalation (bsc#1122535).
- CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122245).
- CVE-2018-20724: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122244).
- CVE-2018-20725: Fixed a privilege escalation that could occur under certain conditions (bsc#1122535).
- CVE-2018-20726: Fixed a cross-site scripting (XSS) vulnerability (bsc#1122242).
- CVE-2019-16723: Fixed an authentication bypass vulnerability.
- CVE-2019-17357: Fixed an SQL injection vulnerability (bsc#1158990).
- CVE-2019-17358: Fixed an unsafe deserialization in sanitize_unserialize_selected_items (bsc#1158992).
- CVE-2020-7106: Fixed a potential cross-site scripting (XSS) vulnerability (bsc#1163749).
- CVE-2020-7237: Fixed a remote code execution that affected privileged users via shell metacharacters in the Performance Boost Debug Log field (bsc#1161297).

Non-security issues fixed:
- Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec (boo#1101024).
- Fixed Apache2.4 and Apache2.2 runtime configuration issue (boo#1101139).
Affected Systems
- opensuse cacti-spine (distro: openSUSE Leap 15.1): versions < 1.2.9-lp151.3.3.1
- opensuse cacti (distro: openSUSE Leap 15.1): versions < 1.2.9-lp151.3.3.1
References (23)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QJH5OTPHSPMFV4CORKBXMWKMQWVD3CC5/
- https://bugzilla.suse.com/1082318
- https://bugzilla.suse.com/1101024
- https://bugzilla.suse.com/1101139
- https://bugzilla.suse.com/1122242
- https://bugzilla.suse.com/1122243
- https://bugzilla.suse.com/1122244
- https://bugzilla.suse.com/1122245
- https://bugzilla.suse.com/1122535
- https://bugzilla.suse.com/1158990
- https://bugzilla.suse.com/1158992
- https://bugzilla.suse.com/1161297
- https://bugzilla.suse.com/1163749
- https://www.suse.com/security/cve/CVE-2009-4112
- https://www.suse.com/security/cve/CVE-2018-20723
- https://www.suse.com/security/cve/CVE-2018-20724
- https://www.suse.com/security/cve/CVE-2018-20725
- https://www.suse.com/security/cve/CVE-2018-20726
- https://www.suse.com/security/cve/CVE-2019-16723
- https://www.suse.com/security/cve/CVE-2019-17357
- https://www.suse.com/security/cve/CVE-2019-17358
- https://www.suse.com/security/cve/CVE-2020-7106
- https://www.suse.com/security/cve/CVE-2020-7237