Improper Preservation of Permissions
CVE-2020-13230
Summary
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
References
Advisory Timeline
- Published