Unauthenticated Command Injection #5119
Comments
This was fixed as part of the security advisory GHSA-6p93-p743-35gf
@paulgevers, @mortenstevens, if you aren't already aware, you should review this issue and take appropriate steps.
@netniV thanks for the heads up. As I understand this issue, this is mostly for tracking purposes, and the actual fix is already available for a month, right? As can be seen in the Debian Security Tracker, this issue has been fixed in Debian in the supported suites. Ubuntu is tracking it in bug 2001535.
That's good, nice to see our users actively passing the information on 👍
Thanks for updating us @mortenstevens! Haven't heard from you in a while, hope things are well!
Thanks guys!
@netniV Thanks for asking. Everything is great, but I'm very busy with my company at the moment.
Describe the bug
A bug exists where the proxy headers are incorrectly checked when not needed, which can be used to bypass IP-based security.
Expected behavior
Cacti should only check the headers an admin defines as being set.
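The header handling described in this report, as an added example (not Cacti's code and not part of the original issue): a resolver that consults every forwarding header beside one that reads only the headers an admin has listed. The function names, the `$allowed_headers` setting, the header list and all addresses are assumptions constructed for illustration.

```php
<?php
// Added illustration. All names and addresses here are hypothetical/constructed.

// Weak form: every forwarding header is consulted whether or not a proxy is
// deployed, so the address used for the IP check comes from request data.
function client_addr_weak(array $server): string {
    $candidates = ['HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED',
                   'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR'];
    foreach ($candidates as $h) {
        if (!empty($server[$h])) {
            return trim(explode(',', $server[$h])[0]);
        }
    }
    return $server['REMOTE_ADDR'];
}

// Corrected form: only headers named in the admin's setting are read, the
// value must parse as an IP address, and an empty setting means the TCP
// peer address is the only source.
function client_addr_strict(array $server, array $allowed_headers): string {
    foreach ($allowed_headers as $h) {
        if (empty($server[$h])) {
            continue;
        }
        $ip = trim(explode(',', $server[$h])[0]);
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            return $ip;
        }
    }
    return $server['REMOTE_ADDR'];
}

// IP-based gate of the kind the report refers to (constructed allow list).
function is_allowed(string $addr): bool {
    return in_array($addr, ['192.0.2.10'], true);
}

// Constructed request: the peer is 203.0.113.50 and the header carries an
// allow-listed address although no proxy is configured.
$req = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '192.0.2.10'];

printf("weak resolver:            %s\n", is_allowed(client_addr_weak($req)) ? 'allowed' : 'denied');
printf("strict, no headers set:   %s\n", is_allowed(client_addr_strict($req, [])) ? 'allowed' : 'denied');
printf("strict, admin set header: %s\n", is_allowed(client_addr_strict($req, ['HTTP_X_FORWARDED_FOR'])) ? 'allowed' : 'denied');
```

The third call shows that a configured header is still request data: it is only meaningful when a proxy in front of the application sets or overwrites it.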