VDB

DEBIAN-CVE-2024-45598

DEBIAN-CVE-2024-45598 PUBLISHED CVSS 4.900000095367432 MEDIUM

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.

Risk Scores

CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:13cacti0, 0
Debian:14cacti0
Debian:11cacti1.2.16+ds1-2+deb11u3, 1.2.16+ds1-2+deb11u4, *
Debian:12cacti1.2.24+ds1-1, 1.2.24+ds1-1+deb12u2, 1.2.24+ds1-1+deb12u3

Timeline

  • Jan 27, 2025 CVE Published
  • May 10, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›