Date: Thu, 27 Oct 2016 13:58:38 -0700
From: Adith Sudhakar <adith.sudhakar@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-7067 - CSRF in Monit Service Manager

Hello,

I'd found a CSRF issue in Monit (https://mmonit.com/monit/) in the Service Manager application that affects versions 5.19.0 and earlier. Red Hat has assigned CVE-2016-7067 to this issue. Monit has fixed this issue in version 5.20.0.

Description:
The forms in Monit's Service Manager are vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, disable/enable monitoring for a specific service.

Upstream Commit:
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master

Adith Sudhakar