Description
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93953
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://seclists.org/oss-sec/2016/q4/267
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067
Exploit, Third Party Advisory x_refsource_confirm
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
Scores
CVSS v3
6.5
EPSS
0.0020
EPSS Percentile
42.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Details
CWE
CWE-352
Status
published
Products (1)
mmonit/monit
< 5.20.0
Published
Sep 10, 2018
Tracked Since
Feb 18, 2026