CVE-2012-3513
Gentoo Linux Security Advisory 201405-17
- Severity Score: 7.5 (CVSS v3)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Multiple vulnerabilities have been discovered in Munin which may lead to symlink attacks, file creation, or bypass of security restrictions. Versions less than 2.0.8-r2 are affected.
Credits: N/A
Timeline
- 2012-06-14 CVE Reserved
- 2012-11-21 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2025-03-30 EPSS Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (4)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2012/08/21/1 | Mailing List | |

URL | Date | SRC |
---|---|---|
http://www.munin-monitoring.org/ticket/1238 | 2024-09-16 | |
http://www.ubuntu.com/usn/USN-1622-1 | 2012-11-23 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Munin-monitoring | Munin | <= 2.0.5 | - | Affected |
Munin-monitoring | Munin | 2.0-beta1 | - | Affected |
Munin-monitoring | Munin | 2.0-beta2 | - | Affected |
Munin-monitoring | Munin | 2.0-beta3 | - | Affected |
Munin-monitoring | Munin | 2.0-beta4 | - | Affected |
Munin-monitoring | Munin | 2.0-beta5 | - | Affected |
Munin-monitoring | Munin | 2.0-beta6 | - | Affected |
Munin-monitoring | Munin | 2.0-beta7 | - | Affected |
Munin-monitoring | Munin | 2.0-rc1 | - | Affected |
Munin-monitoring | Munin | 2.0-rc2 | - | Affected |
Munin-monitoring | Munin | 2.0-rc3 | - | Affected |
Munin-monitoring | Munin | 2.0-rc4 | - | Affected |
Munin-monitoring | Munin | 2.0-rc5 | - | Affected |
Munin-monitoring | Munin | 2.0-rc6 | - | Affected |
Munin-monitoring | Munin | 2.0-rc7 | - | Affected |
Munin-monitoring | Munin | 2.0.0 | - | Affected |
Munin-monitoring | Munin | 2.0.1 | - | Affected |
Munin-monitoring | Munin | 2.0.2 | - | Affected |
Munin-monitoring | Munin | 2.0.3 | - | Affected |
Munin-monitoring | Munin | 2.0.4 | - | Affected |