Munin-Monitoring: >> Munin >> 2.0-rc1 Security Vulnerabilities
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
CVSS Score
7.2
EPSS Score
0.001
Published
2012-11-21
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
CVSS Score
9.3
EPSS Score
0.008
Published
2012-11-21