-security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
>This is a low risk exploit as the default Cacti configuration is set such that the Guest account is disabled, the Guest account has no access to realtime graphs under permissions and the guest template user is not set.
So going for C1. Thanks for moving quickly to stabilise!
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Unable to check for sanity:
> no match for package: =net-analyzer/cacti-1.2.10
This issue was resolved and addressed in
GLSA 202004-16 at https://security.gentoo.org/glsa/202004-16
by GLSA coordinator Thomas Deutschmann (whissi).