Medium severity5.5NVD Advisory· Published Feb 22, 2017· Updated May 13, 2026

CVE-2017-6188

Description

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

Affected products

Munin Monitoring/Munin
cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:*
Range: <2.0.30.1
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/munin-monitoring/munin/issues/721nvdIssue TrackingPatchThird Party Advisory
www.securityfocus.com/bid/96399nvdThird Party AdvisoryVDB Entry
bugs.debian.org/855705nvdIssue TrackingThird Party Advisory
security.gentoo.org/glsa/201710-05nvdThird Party Advisory
www.debian.org/security/2017/dsa-3794nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000