CVE-2017-6188

Published: Feb 22, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

Affected (3)

Products: Munin Monitoring: Munin · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Munin Monitoring Munin	Before 2.0.30.1
Munin Monitoring Munin	From 2.1.0 to 2.999.9

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.securityfocus.com/bid/96399

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.debian.org/855705

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/munin-monitoring/munin/issues/721

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/201710-05

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2017/dsa-3794

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/96399