CVE-2023-49088
Vulnerability from cvelistv5
Published
2023-12-22 16:16
Modified
2024-08-02 21:46
Severity ?
EPSS score ?
Summary
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:29.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x" }, { "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h" }, { "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cacti", "vendor": "Cacti", "versions": [ { "status": "affected", "version": "\u003c= 1.2.25" } ] } ], "descriptions": [ { "lang": "en", "value": "Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration\u003eSites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://\u003cHOST\u003e/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-22T16:16:53.348Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x" }, { "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h" }, { "name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/" } ], "source": { "advisory": "GHSA-q7g7-gcf6-wh4x", "discovery": "UNKNOWN" }, "title": "Cacti has incomplete fix for CVE-2023-39515" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-49088", "datePublished": "2023-12-22T16:16:53.348Z", "dateReserved": "2023-11-21T18:57:30.429Z", "dateUpdated": "2024-08-02T21:46:29.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-49088\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-12-22T17:15:08.247\",\"lastModified\":\"2024-11-21T08:32:47.840\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration\u003eSites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://\u003cHOST\u003e/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.\"},{\"lang\":\"es\",\"value\":\"Cacti es un framework de gesti\u00f3n de fallos y monitoreo operativo de c\u00f3digo abierto. La soluci\u00f3n aplicada para CVE-2023-39515 en la versi\u00f3n 1.2.25 est\u00e1 incompleta, ya que permite que un adversario haga que el navegador de la v\u00edctima ejecute c\u00f3digo malicioso cuando un usuario v\u00edctima pasa el mouse sobre la ruta de la fuente de datos maliciosa en `data_debug.php`. Para realizar el ataque de cross-site scripting, el adversario debe ser un usuario de Cacti autorizado con los siguientes permisos: `General Administration\u0026gt;Sites/Devices/Data`. La v\u00edctima de este ataque podr\u00eda ser cualquier cuenta con permisos para ver `http:///cacti/data_debug.php`. Al momento de la publicaci\u00f3n, no se ha incluido ninguna soluci\u00f3n completa en Cacti.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.25\",\"matchCriteriaId\":\"11743AE1-4C92-47E9-BDA5-764FE3984CE8\"}]}]}],\"references\":[{\"url\":\"https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.