Thruk is a multi-backend monitoring web interface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to path traversal, which allows an attacker to upload a file to any folder on the affected system that has write permissions. The `location` parameter is not filtered, validated or sanitized, and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-08T18:59:51.787Z
Updated: 2023-06-08T18:59:51.787Z
Reserved: 2023-05-25T21:56:51.245Z
Link: CVE-2023-34096
NVD Information
Status: Modified
Published: 2023-06-08T19:15:09.773
Modified: 2023-06-19T18:15:09.677
Link: CVE-2023-34096