CVE-2020-36969 — Incorrect Authorization in LTD M Monit

CWE-863 — Incorrect Authorization6 documents5 sources

Severity

8.7HIGHNVD

EPSS

0.1%

top 75.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tildeslash LTD M Monit Tildeslash M Monit Debian Monit

Timeline

PublishedJan 28

Description

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶debiandebian/monit

▶NVDtildeslash/m_monit3.7.4

▶CVEListV5tildeslash_ltd/m_monit3.7.4

🔴Vulnerability Details

OSV

CVE-2020-36969: M/Monit 3↗2026-01-28

▶

GHSA

GHSA-mwjm-9r99-f56x: M/Monit 3↗2026-01-28

▶

📋Vendor Advisories

Debian

CVE-2020-36969: monit - M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenti...↗2020

▶

🕵️Threat Intelligence

Wiz

CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶