daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2020-13379.yaml

patch-1
Dhiyaneshwaran 2022-12-08 11:06:13 +05:30 committed by GitHub
parent 4baef3eb4e
commit 25f6a82b0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cves/2020/CVE-2020-13379.yaml
View File

@ -4,7 +4,8 @@ info:
name: Grafana 3.0.1 <= 7.0.1 Server Side Request Forgery
author: Joshua Rogers
severity: high
description: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.
description: |
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.
reference:
- https://github.com/advisories/GHSA-wc9w-wvq2-ffm9
- https://nvd.nist.gov/vuln/detail/CVE-2020-13379