{"id":"USN-5214-1","summary":"cacti vulnerabilities","details":"It was discovered that Cacti was incorrectly validating permissions\nfor user accounts that had been recently disabled. An authenticated\nattacker could possibly use this to obtain unauthorized access to\napplication and system data. (CVE-2020-13230)\n\nIt was discovered that Cacti was incorrectly performing authorization\nchecks in auth_profile.php. A remote unauthenticated attacker could\nuse this to perform a CSRF attack and set a new admin email or make\nother changes. This issue only affected Ubuntu 18.04 ESM and\nUbuntu 20.04 ESM. (CVE-2020-13231)\n\nIt was discovered that Cacti incorrectly handled user provided input\nsent through request parameters to the color.php script. A remote\nauthenticated attacker could use this issue to perform SQL injection\nattacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.\n(CVE-2020-14295)\n\nIt was discovered that Cacti did not properly escape file input fields\nwhen performing template import operations for various themes. An\nauthenticated attacker could use this to perform XSS attacks. This issue\nonly affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14424)\n\nIt was discovered that Cacti incorrectly handled user provided input\nsent through request parameters to the data_debug.php script. A remote\nauthenticated attacker could use this issue to perform SQL injection\nattacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35701)\n","modified":"2026-04-27T19:02:30.453595102Z","published":"2022-06-09T09:14:15Z","related":["UBUNTU-CVE-2020-13230","UBUNTU-CVE-2020-13231","UBUNTU-CVE-2020-14295","UBUNTU-CVE-2020-14424","UBUNTU-CVE-2020-35701"],"upstream":["CVE-2020-13230","CVE-2020-13231","CVE-2020-14295","CVE-2020-14424","CVE-2020-35701","UBUNTU-CVE-2020-13230","UBUNTU-CVE-2020-13231","UBUNTU-CVE-2020-14295","UBUNTU-CVE-2020-14424","UBUNTU-CVE-2020-35701"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5214-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13230"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-13231"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14295"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14424"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-35701"}],"affected":[{"package":{"name":"cacti","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/cacti@0.8.8f+ds1-4ubuntu4.16.04.2+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.8f+ds1-4ubuntu4.16.04.2+esm1"}]}],"versions":["0.8.8f+ds1-2","0.8.8f+ds1-3","0.8.8f+ds1-4","0.8.8f+ds1-4ubuntu1","0.8.8f+ds1-4ubuntu2","0.8.8f+ds1-4ubuntu3","0.8.8f+ds1-4ubuntu4","0.8.8f+ds1-4ubuntu4.16.04","0.8.8f+ds1-4ubuntu4.16.04.1","0.8.8f+ds1-4ubuntu4.16.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.8.8f+ds1-4ubuntu4.16.04.2+esm1","binary_name":"cacti"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5214-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-13230"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"cacti","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/cacti@1.1.38+ds1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.38+ds1-1ubuntu0.1~esm1"}]}],"versions":["1.1.18+ds1-1","1.1.27+ds1-2","1.1.27+ds1-3","1.1.28+ds1-2","1.1.35+ds1-1","1.1.36+ds1-1","1.1.38+ds1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.38+ds1-1ubuntu0.1~esm1","binary_name":"cacti"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5214-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-13230"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13231"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-14295"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-14424"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"cacti","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/cacti@1.2.10+ds1-1ubuntu1+esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.10+ds1-1ubuntu1+esm1"}]}],"versions":["1.2.4+ds1-2ubuntu3","1.2.9+ds1-1ubuntu1","1.2.9+ds1-1ubuntu2","1.2.10+ds1-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2.10+ds1-1ubuntu1+esm1","binary_name":"cacti"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5214-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2020-13230"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-13231"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-14295"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-14424"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-35701"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}}],"schema_version":"1.7.5"}