CVE-2023-39364: 
Cacti vulnerability analysis and mitigation

Cacti 1.2.24 contains an open redirect vulnerability (CVE-2023-39364) that affects users with console access. The vulnerability was discovered in September 2023 and affects the auth_changepassword.php functionality. The issue allows users to be redirected to arbitrary websites after changing their password through a specifically crafted URL (GitHub Advisory).

The vulnerability exists in the auth_changepassword.php file which accepts a 'ref' parameter as a URL parameter and reflects it in the password change form. The value is then used to perform a redirect via the PHP header function without proper validation. The vulnerability can be triggered when two conditions are met: the user has 'Console Access' permissions and their 'Login Options' are set to 'Show the page that user pointed their browser to' (which is the default setting) (GitHub Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 5.4 MEDIUM by NVD and 3.5 LOW by GitHub (NVD).

The vulnerability allows an attacker to redirect users to malicious websites after they perform a password change operation. Users can be tricked into downloading malware, providing credentials, or interacting with malicious content on the redirected website (GitHub Advisory).

The vulnerability has been fixed in Cacti version 1.2.25. Users are advised to upgrade to this version or later. There are no known workarounds for this vulnerability (NVD, Debian Security).