Web Front-End to Monitor System Data via RRDtool


This package is based on the package 'cacti' from project 'openSUSE:Factory:Contrib'.

Cacti is a complete front-end to RRDtool: it stores all necessary
information for creating graphs and populates them with data from a
MySQL database. The front-end is completely PHP driven. Along with
being able to maintain graphs, data sources, and round robin archives
in a database, Cacti also handles data gathering. SNMP support is
also available for those accustomed to creating traffic graphs with
MRTG.

Source Files
Filename                  Size (bytes)  Size
cacti-1.2.27.tar.gz       46689007      44.5 MB
cacti-config.patch        1646          1.61 KB
cacti-cron.service        183           183 Bytes
cacti-cron.timer          148           148 Bytes
cacti-httpd.conf          450           450 Bytes
cacti-httpd.conf.default  2102          2.05 KB
cacti-rpmlintrc           519           519 Bytes
cacti.changes             166257        162 KB
cacti.cron                78            78 Bytes
cacti.logrotate           169           169 Bytes
cacti.spec                8579          8.38 KB
Latest Revision
Ana Guerrero (anag+factory) accepted request 1174071 from Andreas Stieger (AndreasStieger) (revision 50)
cacti 1.2.27
* CVE-2024-34340: Authentication Bypass when using older password hashes (boo#1224240)
* CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229)
* CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238)
* CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239)
* CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231)
* CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241)
* CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236)
* CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235)
* CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237)
* CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230)
Comments 2

Franz Pförtsch

Hello, could you please extend the cacti.spec file and change the owner/group membership of the directories

/srv/www/cacti/

/srv/www/cacti/scripts/

/srv/www/cacti/cache/

to the Apache daemon, like on the rra directories? Otherwise I always have to run the following after the package update:

chown -R wwwrun:www /srv/www/cacti/resource/snmp_queries/
chown -R wwwrun:www /srv/www/cacti/resource/script_server/
chown -R wwwrun:www /srv/www/cacti/resource/script_queries/
chown -R wwwrun:www /srv/www/cacti/scripts/
chown -R wwwrun:www /srv/www/cacti/scripts/boost/
chown -R wwwrun:www /srv/www/cacti/cache/mibcache/
chown -R wwwrun:www /srv/www/cacti/cache/realtime/
chown -R wwwrun:www /srv/www/cacti/cache/spikekill/

Best regards, Franz


Joel Baltazor

I submitted this request that I think would fix it: https://build.opensuse.org/request/show/1200909

-Joel
