Ganglia Web 3.5.1 Release – Security Advisory


There is a security issue in Ganglia Web going back to at least 3.1.7 which can lead to arbitrary script being executed with web user privileges possibly leading to a machine compromise. Issue has been fixed in the latest version of Ganglia Web which can be downloaded from

https://sourceforge.net/projects/ganglia/files/ganglia-web/3.5.1/

If you are running Ganglia Web open on the internet you are advised to upgrade ASAP or at a minimum password protect access to Ganglia Web.

We’ll have a write up about details of the vulnerability in few days.

Comments are closed.