Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 716406 - <net-analyzer/cacti-1.2.11 - multiple vulnerabilities
Summary: <net-analyzer/cacti-1.2.11 - multiple vulnerabilities
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa+]
Depends on:
Reported: 2020-04-06 06:05 UTC by Jeroen Roovers (RETIRED)
Modified: 2020-04-30 23:19 UTC (History)
1 user (show)

See Also:
Package list:
=net-analyzer/cacti-spine-1.2.11 =net-analyzer/cacti-1.2.11
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2020-04-06 06:05:38 UTC

-security: Add SameSite support for cookies
-security: Cookie should be properly verified against password
-security: CSRF at Admin Email
-security: Improper Access Control on disabling a user.
-security: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
Comment 1 Agostino Sarubbo gentoo-dev 2020-04-07 10:33:35 UTC
amd64 stable
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2020-04-08 05:47:41 UTC
Added to an existing GLSA Request.

Please continue stabilization x86/hppa/sparc
Comment 3 Agostino Sarubbo gentoo-dev 2020-04-08 09:53:35 UTC
sparc stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-04-08 09:54:26 UTC
x86 stable
Comment 5 Rolf Eike Beer archtester 2020-04-08 21:18:43 UTC
hppa stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-08 21:19:55 UTC
@maintainer(s), please cleanup.
Comment 7 NATTkA bot gentoo-dev 2020-04-08 21:20:22 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-04-30 23:19:40 UTC
This issue was resolved and addressed in
 GLSA 202004-16 at
by GLSA coordinator Thomas Deutschmann (whissi).