CVE-2022-0730: Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. And from 1.2.20 (unreleased) changelog, "security: Resolve issues with XSS issues in color_template. Thanks @M0rphling"
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7527905c4777bb0c1afe4336bfd963a269463722 commit 7527905c4777bb0c1afe4336bfd963a269463722 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-05-16 07:02:43 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-05-16 19:56:40 +0000 net-analyzer/cacti-spine: add 1.2.20 Bug: https://bugs.gentoo.org/834597 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/cacti-spine/Manifest | 1 + net-analyzer/cacti-spine/cacti-spine-1.2.20.ebuild | 45 ++++++++++++++++++++++ 2 files changed, 46 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af9acbd6e910d2487d82d3415c1fc01005b5872d commit af9acbd6e910d2487d82d3415c1fc01005b5872d Author: Sam James <sam@gentoo.org> AuthorDate: 2022-05-16 06:53:01 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-05-16 19:56:39 +0000 net-analyzer/cacti: add 1.2.20 Bug: https://bugs.gentoo.org/834597 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/cacti/Manifest | 1 + net-analyzer/cacti/cacti-1.2.20.ebuild | 49 ++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+)
Please cleanup
