CVE-2012-3512
published 2012-11-21


Priority P432 high, 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.59% (43.8th percentile)
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.

Affected

25 ranges
Vendor | Product | Version range | Fixed in
debian | munin | < munin 2.0.6-1 (bookworm) | munin 2.0.6-1 (bookworm)
munin-monitoring | munin | <= 2.0.5 |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | |
munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1
munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1
munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1
munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1

CVSS provenance

nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C
osv | | 7.2 | HIGH |
vendor_debian | | 7.2 | HIGH |
vendor_ubuntu | | 1.2 | LOW |