Create CVE-2023-30534 template for cacti insecure deserialization of filter data

[k0pak4]

PR Information

• Added CVE-2023-30534
• References: GHSA-77rf-774j-6h3p

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details

Screenshot of template use against Cacti 1.2.24 (have tested on 1.2.10 as well)

[k0pak4]

Hi @DhiyaneshGeek just wanted to check in to see if there's something I can assist with for this PR?

[DhiyaneshGeek]

Hi @k0pak4 sorry for the delay in response

Is it possible to share the docker-setup instruction to setup a vulnerable environment locally

Looking forward to hear back from you

Thanks

[k0pak4]

@DhiyaneshGeek I don't have a docker setup for this, just pulled down the release from Cacti and installed it locally

[DhiyaneshGeek]

Hi @k0pak4 , i have tested this locally on vulhub/cacti:1.2.22 docker , validated it

i had removed /cacti/ path since it's was not present in the set-up , let me know if these changes looks good

Thanks

[pussycat0x]

Hi @k0pak4 Thank you for your contribution to this project. Your efforts are greatly appreciated. Cheers!

[k0pak4]

Sorry for the delay in response. No problem on the removal of /cacti/. It's probably a configurable value depending on where the particular person has installed. Thanks for closing this out!