The forms in Monit's Service Manager are vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, or disable/enable monitoring for a specific service.

References:
http://seclists.org/oss-sec/2016/q4/267

Upstream patch:
https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master

Created monit tracking bugs for this issue:

Affects: fedora-all [bug 1390112]
Affects: epel-all [bug 1390113]