CVE-2017-6188

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

References

Affected packages

Git / github.com/munin-monitoring/munin

Affected ranges

Type: GIT
Repo: https://github.com/munin-monitoring/munin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3757f16bf453f172ca750403156029563405e840

Affected versions

0.*

0.9.9r7

1.*

1.0.0

1.0.0pre1

1.0.0pre2

1.0.0pre3

1.0.0pre4

1.0.0pre5

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.0rc1

1.2.0rc2

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.6rc0

1.2.6rc1

1.2.6rc2

1.3.0

1.3.1

1.3.2

1.3.3

1.3.3rc

1.3.4

1.4.0

1.4.0-alpha

1.4.0-alpha2

1.4.0-beta

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

2.*

2.0-alpha1

2.0-alpha2

2.0-beta1

2.0-beta2

2.0-beta3

2.0-beta4

2.0-beta5

2.0-beta6

2.0-beta7

2.0-rc1

2.0-rc2

2.0-rc3

2.0-rc4

2.0-rc5

2.0-rc6

2.0-rc7

2.0.0

2.0.0-1

2.0.1

2.0.1-1

2.0.10

2.0.10-1

2.0.11

2.0.11-1

2.0.11.1

2.0.11.1-1

2.0.12

2.0.12-1

2.0.13

2.0.13-1

2.0.14

2.0.14-1

2.0.15

2.0.15-1

2.0.16

2.0.16-1

2.0.16-2

2.0.16-3

2.0.17

2.0.17-1

2.0.17-2

2.0.17-3

2.0.18

2.0.18-1

2.0.19

2.0.19-1

2.0.19-2

2.0.19-3

2.0.2

2.0.2-1

2.0.20

2.0.21

2.0.22

2.0.22-1

2.0.23

2.0.23-1

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.3

2.0.30

2.0.4

2.0.5

2.0.5-1

2.0.6

2.0.6-1

2.0.6-2

2.0.7

2.0.8

2.0.9

2.0.9-1

2.0.9-2

2.0.9-3

2.0.9-4

2.0.9-5

debian/2.*

debian/2.0.16-3

debian/2.0.21-1

debian/2.0.21-2

debian/2.0.24-1

debian/2.0.25-1

debian/2.0.25-2

debian/2.0.26-1

debian/2.0.26-2

debian/2.0.26-3

debian/2.0.26-4

debian/2.0.27-1

debian/2.0.28-1

debian/2.0.29-1

upstream/2.*

upstream/2.0.21

upstream/2.0.24

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6188.json"