CVE-2022-29712: Command injection in librenms

June 3, 2022 (updated June 9, 2022)

LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.

References

github.com/advisories/GHSA-23f2-vgr6-fwv7
github.com/librenms/librenms/commit/8b82341cb742e7bd4966964b399012f7ba017e0b
github.com/librenms/librenms/pull/13932
nvd.nist.gov/vuln/detail/CVE-2022-29712

Code Behaviors & Features

Detect and mitigate CVE-2022-29712 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →