CVE-2012-3513 — Munin vulnerability

CWE-2645 documents5 sources

Severity

9.3CRITICALNVD

EPSS

0.8%

top 26.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Munin-monitoring Munin Debian Munin

Timeline

PublishedNov 21

Latest updateMay 17

Description

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/munin< munin 2.0.6-1 (bookworm)

▶Debianmunin-monitoring/munin< 2.0.6-1+3

▶NVDmunin-monitoring/munin2.0.5+19

🔴Vulnerability Details

GHSA

GHSA-cfmj-pc5v-pwv8: munin-cgi-graph in Munin before 2↗2022-05-17

▶

OSV

CVE-2012-3513: munin-cgi-graph in Munin before 2↗2012-11-21

▶

📋Vendor Advisories

Ubuntu

Munin vulnerabilities↗2012-11-05

▶

Debian

CVE-2012-3513: munin - munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache...↗2012

▶