5.5
CVE-2017-6188
- EPSS 0.42%
- Veröffentlicht 22.02.2017 19:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- CVE-Watchlists
- Unerledigt
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Munin-monitoring ≫ Munin Version < 2.0.30.1
Munin-monitoring ≫ Munin Version >= 2.1.0 < 2.999.9
Debian ≫ Debian Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.335 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securityfocus.com/bid/96399
https://bugs.debian.org/855705
https://github.com/munin-monitoring/munin/issues/721
https://security.gentoo.org/glsa/201710-05
https://www.debian.org/security/2017/dsa-3794