CVE-2016-7067 — Cross-Site Request Forgery in Monit

CWE-352 — Cross-Site Request Forgery7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 57.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tildeslash Monit Mmonit Monit Debian Monit +1 more

Timeline

PublishedSep 10

Latest updateMay 13

Description

Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDmmonit/monit< 5.20.0

▶debiandebian/monit< monit 1:5.20.0-1 (bookworm)

▶Debiantildeslash/monit< 1:5.20.0-1+3

▶CVEListV5tildeslash_ltd/monit5.20.0

🔴Vulnerability Details

GHSA

GHSA-62rw-754v-xcw2: Monit before version 5↗2022-05-13

▶

OSV

CVE-2016-7067: Monit before version 5↗2018-09-10

▶

📋Vendor Advisories

Debian

CVE-2016-7067: monit - Monit before version 5.20.0 is vulnerable to a cross site request forgery attack...↗2016

▶

💬Community

Bugzilla

CVE-2016-7067 monit: CSRF in Monit Service Manager [fedora-all]↗2016-10-31

▶

Bugzilla

CVE-2016-7067 monit: CSRF in Monit Service Manager↗2016-10-31

▶

Bugzilla

CVE-2016-7067 monit: CSRF in Monit Service Manager [epel-all]↗2016-10-31

▶