A vulnerability in munin < 2.0.30.1 allows local attackers to overwrite any file accessible to the webserver user by setting multiple upper_limit GET parameters when CGI graphs are enabled.
A vulnerability in munin < 2.0.30.1 allows local attackers to overwrite any file accessible to the webserver user by setting multiple upper_limit GET parameters when CGI graphs are enabled.
https://www.debian.org/security/2017/dsa-3794 https://github.com/munin-monitoring/munin/pull/797/commits/42ce18f24d3eae8be33526a198bf21e4f2330230