CVE-2022-29712

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29712

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29712.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-29712

Aliases

GHSA-23f2-vgr6-fwv7

Published

2022-06-02T14:15:50Z

Modified

2024-05-14T11:19:12.874329Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the serviceip, hostname, and serviceparam parameters.

References

https://github.com/librenms/librenms/pull/13932

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type: GIT
Repo: https://github.com/librenms/librenms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

22209732ddef439cec4bb896ed1f4cf9aaf3cafb

Affected versions

0.*

0.1

1.*

1.19

1.20

1.21

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.33

1.35

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50

1.51

1.52

1.53

1.53.1

1.54

1.55

1.56

1.57

1.58

1.58.1

1.59

1.60

1.61

1.62

1.63

1.64

1.64.1

1.65

1.66

1.67

1.68

1.69

1.70.0

1.70.1

Other

201505

201506

201507

201508

201509

201510

201511

201512

201601

201602

201603

201604

201605

201606

201607

201608

20160828

201609

21.*

21.1.0

21.10.0

21.11.0

21.12.0

21.12.1

21.2.0

21.3.0

21.4.0

21.5.0

21.5.1

21.6.0

21.7.0

21.8.0

21.9.0

22.*

22.1.0

22.2.0

22.2.1

22.3.0