CVE-2017-6188
22.02.2017, 19:59
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| munin-monitoring | munin | 𝑥 < 2.0.30.1 |
| munin-monitoring | munin | 2.1.0 ≤ 𝑥 < 2.999.9 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| munin |
| ||
| munin-async |
| ||
| munin-cgi |
| ||
| munin-common |
| ||
| munin-java-plugins |
| ||
| munin-netip-plugins |
| ||
| munin-nginx |
| ||
| munin-node |
| ||
| munin-ruby-plugins |
|
Common Weakness Enumeration
References