Stevie Trujillo

**Name of the Vulnerable Software and Affected Versions** Munin versions prior to 2.999.6 **Description** The issue allows for local file write access when CGI graphs are enabled. By setting multiple `upper limit` GET parameters, it is possible to overwrite any file accessible to the `www-data` user. This can be achieved through specific API endpoints, although the exact endpoints are not specified. **Recommendations** For versions prior to 2.999.6, update to version 2.999.6 or later to resolve the issue. As a temporary workaround, consider disabling CGI graphs until a patch is available. Restrict access to files accessible by the `www-data` user to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Munin versions prior to 2.0.6 **Description** The issue allows local users to execute arbitrary code by replacing a state file. This can be demonstrated using the smart plugin, where a local user can replace a state file to achieve arbitrary code execution. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue. As a temporary workaround, consider restricting write access to the directory containing plugin state files to prevent local users from replacing state files.

**Name of the Vulnerable Software and Affected Versions** Munin versions prior to 2.0.6 **Description** The issue allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command when munin-cgi-graph is running as a CGI module under Apache. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.