MidnightBSD

Advisories for munin-monitoring

CVE-2013-6048 MEDIUM

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
munin-monitoring munin *
munin-monitoring munin 2.0.11.1
munin-monitoring munin 2.0.0
munin-monitoring munin 2.0.11
munin-monitoring munin 2.0.5
munin-monitoring munin 2.0.4
munin-monitoring munin 2.0.9
munin-monitoring munin 2.0.12
munin-monitoring munin 2.0.8
munin-monitoring munin 2.0.16
munin-monitoring munin 2.0.2
munin-monitoring munin 2.0.3
munin-monitoring munin 2.0.10
munin-monitoring munin 2.0.6
munin-monitoring munin 2.0.14
munin-monitoring munin 2.0.15
munin-monitoring munin 2.0.1
munin-monitoring munin 2.0.13
munin-monitoring munin 2.0.7
CVE-2013-6359 MEDIUM

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
munin-monitoring munin *
munin-monitoring munin 2.0.11.1
munin-monitoring munin 2.0.0
munin-monitoring munin 2.0.11
munin-monitoring munin 2.0.5
munin-monitoring munin 2.0.4
munin-monitoring munin 2.0.9
munin-monitoring munin 2.0.12
munin-monitoring munin 2.0.8
munin-monitoring munin 2.0.16
munin-monitoring munin 2.0.2
munin-monitoring munin 2.0.3
munin-monitoring munin 2.0.10
munin-monitoring munin 2.0.6
munin-monitoring munin 2.0.14
munin-monitoring munin 2.0.15
munin-monitoring munin 2.0.1
munin-monitoring munin 2.0.13
munin-monitoring munin 2.0.7
CVE-2017-6188 LOW

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
munin-monitoring munin *
debian debian_linux 8.0