Headline
CVE-2022-29712: Fix services command injection by murrant · Pull Request #13932 · librenms/librenms
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
Reported by
● Darek Jensen
● haxmeadroom
Please note
Please read this information carefully. You can run ./lnms dev:check to check your code before submitting.
- Have you followed our code guidelines?
- If my Pull Request does some changes/fixes/enhancements in the WebUI, I have inserted a screenshot of it.
- If my Pull Request makes discovery/polling/yaml changes, I have added/updated test data.
Testers
If you would like to test this pull request, then please run: ./scripts/github-apply <pr_id>, i.e. ./scripts/github-apply 5926
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on Discord how to revert.
Related news
GHSA-23f2-vgr6-fwv7: Command injection in librenms