CVE-2012-3513
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3513
Vendor advisory: secalert@redhat.com — http://www.munin-monitoring.org/ticket/1238
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2.0.6-1 |
| debian | bullseye | fixed | 2.0.6-1 |
| debian | forky | fixed | 2.0.6-1 |
| debian | sid | fixed | 2.0.6-1 |
| debian | trixie | fixed | 2.0.6-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| munin-monitoring | munin | {"endIncluding":"2.0.5"} | |
| munin-monitoring | munin | 2.0-beta1 | |
| munin-monitoring | munin | 2.0-beta2 | |
| munin-monitoring | munin | 2.0-beta3 | |
| munin-monitoring | munin | 2.0-beta4 | |
| munin-monitoring | munin | 2.0-beta5 | |
| munin-monitoring | munin | 2.0-beta6 | |
| munin-monitoring | munin | 2.0-beta7 | |
| munin-monitoring | munin | 2.0-rc1 | |
| munin-monitoring | munin | 2.0-rc2 | |
| munin-monitoring | munin | 2.0-rc3 | |
| munin-monitoring | munin | 2.0-rc4 | |
| munin-monitoring | munin | 2.0-rc5 | |
| munin-monitoring | munin | 2.0-rc6 | |
| munin-monitoring | munin | 2.0-rc7 | |
| munin-monitoring | munin | 2.0.0 | |
| munin-monitoring | munin | 2.0.1 | |
| munin-monitoring | munin | 2.0.2 | |
| munin-monitoring | munin | 2.0.3 | |
| munin-monitoring | munin | 2.0.4 | |
References
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.