PT-2017-16936 · Project Munin+2 · Munin+2
Stevie Trujillo · Published 2017-02-22 · Updated 2024-06-15 · CVE-2017-6188
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Munin versions prior to 2.999.6
Description
The issue allows for local file write access when CGI graphs are enabled. By setting multiple upper limit GET parameters, it is possible to overwrite any file accessible to the www-data user. This can be achieved through specific API endpoints, although the exact endpoints are not specified.
Recommendations
For versions prior to 2.999.6, update to version 2.999.6 or later to resolve the issue.
As a temporary workaround, consider disabling CGI graphs until a patch is available.
Restrict access to files accessible by the www-data user to minimize the risk of exploitation.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Munin
Suse
Ubuntu