Sni Thruk vulnerabilities
3 known vulnerabilities affecting sni/thruk.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-34096P1HIGHCVSS 8.8PoCfixed in 3.06.22023-06-08
CVE-2023-34096 [HIGH] CWE-22 CVE-2023-34096: Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is
nvd
CVE-2024-39915P2CRITICALCVSS 9.9fixed in 3.162024-07-15
CVE-2024-39915 [CRITICAL] CWE-94 CVE-2024-39915: Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Liv
Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application does not properly process the url parameter when gener
nvd
CVE-2024-23822P3CRITICALCVSS 9.8fixed in 3.122024-01-29
CVE-2024-23822 [CRITICAL] CWE-22 CVE-2024-23822: Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring applicatio
Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 f
nvd