First published: Tue Sep 05 2023
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. Its value is then used to perform a redirect via the PHP `header` function. A user can be tricked into performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website to which the redirection has been performed, e.g., downloading malware, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
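As an added example that is not part of this advisory or of Cacti's own code, the PHP below shows the unchecked-redirect pattern described above next to a hardened form that only accepts a same-site relative path before calling `header()`. The helper name `safe_redirect_target()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not Cacti's own code): validating a `ref`-style return
// parameter before handing it to header('Location: ...').
// safe_redirect_target() is a hypothetical helper name.

/**
 * Return $ref unchanged only if it is a same-site relative path
 * (exactly one leading "/", no scheme, no host, no control characters);
 * otherwise return $fallback.
 */
function safe_redirect_target(string $ref, string $fallback = '/index.php'): string
{
    // CR/LF or other control characters must never reach a response header.
    if (preg_match('/[\x00-\x1F\x7F]/', $ref)) {
        return $fallback;
    }
    // Only a path beginning with "/" is local.
    if ($ref === '' || $ref[0] !== '/') {
        return $fallback;
    }
    // "//host" and "/\host" are scheme-relative URLs to another host.
    if (isset($ref[1]) && ($ref[1] === '/' || $ref[1] === '\\')) {
        return $fallback;
    }
    // Belt and braces: parse_url() must not report a scheme or host.
    $parts = parse_url($ref);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $ref;
}

// Pattern the advisory describes (untrusted value reaches header() unchecked):
//   header('Location: ' . $_REQUEST['ref']);
// Hardened form:
//   header('Location: ' . safe_redirect_target($_REQUEST['ref'] ?? ''));
//   exit;

// Constructed inputs (not from the advisory) exercising each branch.
$samples = [
    '/cacti/index.php?action=view',   // kept: same-site relative path
    'https://other.example/',         // replaced: absolute URL
    '//other.example/',               // replaced: scheme-relative URL
    "/index.php\r\nSet-Cookie: a=1",  // replaced: control characters
];
foreach ($samples as $s) {
    printf("%-34s => %s\n", addcslashes($s, "\r\n"), safe_redirect_target($s));
}
```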
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cacti Cacti | =1.2.24 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
debian/cacti | <=1.2.2+ds1-2+deb10u4, <=1.2.2+ds1-2+deb10u5, <=1.2.16+ds1-2+deb11u1, <=1.2.24+ds1-1 | 1.2.16+ds1-2+deb11u2, 1.2.24+ds1-1+deb12u1, 1.2.25+ds1-2 |
CVE-2023-39364 is a vulnerability in Cacti 1.2.24 that allows users with console access to be redirected to an arbitrary website after a change password is performed via a specifically crafted URL.
CVE-2023-39364 has a severity rating of Medium, with a severity score of 5.4.
To fix CVE-2023-39364, update your Cacti installation to version 1.2.25 or later, which includes a patch for this vulnerability.
More information about CVE-2023-39364 can be found on the GitHub security advisory page: [https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x](https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x)