Reports and Resources
Multiple Vulnerabilities discovered in the package Cacti
Loginsoft-2019-1036
February 11, 2019
CVE Number
CVE - CVE-2018-20723
CWE Number
CWE - 79
Product Details
Cacti is an open source network graphing solution designed to harness the power of RRD Tool's data storage and graphing functionality.
Vulnerable Versions
v1.1.38
Vulnerability Details
Before printing the `Name` value on the color ‘Template’ page, there is no escape being done, leaving the application vulnerable to the specific XSS attack.
Reference link:https://github.com/Cacti/cacti/issues/2215
Mitigations
- Avoid inserting or adding the untrusted input data
- Always perform the sanitation of the input data like HTML escape, Attribute escape, JavaScript escape JSON parsing and HTML encoding before inserting them into the page content
- It is advisable to practice content security policy and adopt the auto escaping template system
- Implement the X-XSS-Protection response header
Timeline
Vendor Disclosure: 2018-12-15Public Disclosure: 2019-02-11
CVE Number
CVE - CVE-2018-20725
Vulnerability Details
Before printing the `Vertical Table` value on the ‘Graphic Template page, there is no escape being done, leaving the application vulnerable to the specific XSS attack.
Reference link:https://github.com/Cacti/cacti/issues/2214
Mitigations
- Avoid inserting or adding the untrusted input data
- Always perform the sanitation of the input data like HTML escape, Attribute escape, JavaScript escape JSON parsing and HTML encoding before inserting them into the page content
- It is advisable to practice content security policy and adopt the auto escaping template system
- Implement the X-XSS-Protection response header
Timeline
Vendor Disclosure: 2018-12-15
Public Disclosure: 2019-02-11
CVE Number
CVE - CVE-2018-20726
Vulnerability Details
Before printing the `Hostname` value on the ‘Tree’ table, there is no escape being done, leaving the application vulnerable to the specific XSS attack.
Reference link:https://github.com/Cacti/cacti/issues/2213
Mitigations
- Avoid inserting or adding the untrusted input data
- Always perform the sanitation of the input data like HTML escape, Attribute escape, JavaScript escape JSON parsing and HTML encoding before inserting them into the page content
- It is advisable to practice content security policy and adopt the auto escaping template system
- Implement the X-XSS-Protection response header
Timeline
Vendor Disclosure: 2018-12-16
Public Disclosure: 2019-02-11
CVE Number
CVE - CVE-2018-20724
Vulnerability Details
Before printing the `Hostname` value on the ‘Data collectors table’, there is no escape being done, leaving the application vulnerable to the specific XSS attack.
Reference link:https://github.com/Cacti/cacti/issues/2212
Mitigations
- Avoid inserting or adding the untrusted input data
- Always perform the sanitation of the input data like HTML escape, Attribute escape, JavaScript escape JSON parsing and HTML encoding before inserting them into the page content
- It is advisable to practice content security policy and adopt the auto escaping template system
- Implement the X-XSS-Protection response header
Timeline
Vendor Disclosure: 2018-12-15
Public Disclosure: 2019-02-11
Patch: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
Credit
Discovered by ACE Team - Loginsoft