From 9d712adaf71fe2bc8ad12345954054f7d03791aa Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 25 Jan 2022 21:45:50 +0100 Subject: Update status for CVE-2021-23225/cacti While the MITRE entries are not too much transparent, the CVE is assigned by the Red Hat CNA. Red Hat refers for CVE-2021-23225 to https://github.com/Cacti/cacti/issues/1882 which covers a set of issues. Track CVE-2021-23225 with respect to the upstream issue #1882 and so mark it as fixed with the first unstable upload after the 1.2.0 upstream version. --- data/CVE/list.2021 | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index d37cc54cc7..67a1b74c3d 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -10220,11 +10220,8 @@ CVE-2021-3892 CVE-2021-26247 (As an unauthenticated remote user, visit "http://<CACTI_SERVER>/ ...) TODO: check CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...) - - cacti - TODO: check if these are the correct commits - NOTE: https://github.com/Cacti/cacti/commit/6a945c4b4713f80d4fc63369bd5451574ebdec42 - NOTE: https://github.com/Cacti/cacti/commit/1b9620cc0492ea6f12f63f05c94fff255da8524b - NOTE: https://www.cacti.net/info/changelog + - cacti 1.2.1+ds1-1 + NOTE: https://github.com/Cacti/cacti/issues/1882 CVE-2021-42553 RESERVED CVE-2021-42552 -- cgit v1.2.3