CVE-2020-13379
HIGH severity · CVSS 8.2 · Server-side request forgery (SSRF)
Summary
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF incorrect access control issue. The vulnerability allows any unauthenticated user or client to make Grafana send HTTP requests to an arbitrary URL and return the response to that user or client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects can be used to crash Grafana (denial of service via segfault).
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: Low
Integrity impact: None
Availability impact: High
Exploit probability (EPSS): 93%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html (Advisory)
- http://www.openwall.com/lists/oss-security/2020/06/03/4 (Advisory)
- http://www.openwall.com/lists/oss-security/2020/06/09/2 (Advisory)
- http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html (Advisory)