CVE-2017-6188

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

References

Affected packages

Git / github.com/munin-monitoring/munin

Affected ranges

Type

GIT

Repo

https://github.com/munin-monitoring/munin

Events

Introduced

Fixed

3757f16bf453f172ca750403156029563405e840

Introduced

7d5499100e2e67863992e0ab4b484458cb1d6b5e

Fixed

05686a7a5c1c880cd7d3e4d15bb524930aa3798a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.30.1"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.999.9"
        }
    ]
}

Affected versions

2.*

2.0.0-1

2.0.1-1

2.0.10-1

2.0.11-1

2.0.11.1-1

2.0.12-1

2.0.13-1

2.0.14-1

2.0.15-1

2.0.16-1

2.0.16-2

2.0.16-3

2.0.17-1

2.0.17-2

2.0.17-3

2.0.18-1

2.0.19-1

2.0.19-2

2.0.19-3

2.0.2-1

2.0.22-1

2.0.23-1

2.0.5-1

2.0.6-1

2.0.9-1

2.0.9-2

2.0.9-3

2.0.9-4

2.0.9-5

2.1.0

2.1.1

2.1.10

2.1.11

2.1.12

2.1.2

2.1.3

2.1.4

2.1.6

2.1.6.1

2.1.7

2.1.8

2.1.9

2.999.4

2.999.5

2.999.6

2.999.7

2.999.8

debian/2.*

debian/2.0.16-3

debian/2.0.21-1

debian/2.0.21-2

debian/2.0.24-1

debian/2.0.25-1

debian/2.0.25-2

debian/2.0.26-1

debian/2.0.26-2

debian/2.0.26-3

debian/2.0.26-4

debian/2.0.27-1

debian/2.0.28-1

debian/2.0.29-1

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6188.json"