Enhancement: cves/2020/CVE-2020-13379.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-12 14:18:06 -04:00
parent af12899320
commit baaa75856f
1 changed file with 6 additions and 4 deletions

@ -1,16 +1,16 @@
id: CVE-2020-13379
info:
name: Grafana 3.0.1 <= 7.0.1 Server Side Request Forgery
name: Grafana 3.0.1-7.0.1 - Server-Side Request Forgery
author: Joshua Rogers
severity: high
description: |
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.
Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/advisories/GHSA-wc9w-wvq2-ffm9
- https://nvd.nist.gov/vuln/detail/CVE-2020-13379
- https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192
- http://www.openwall.com/lists/oss-security/2020/06/03/4
- https://nvd.nist.gov/vuln/detail/CVE-2020-13379
remediation: Upgrade to 6.3.4 or higher.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
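Review bot: the new description's closing claim that an attacker may "modify data, and/or execute unauthorized administrative operations" does not match the unchanged `cvss-metrics` line in this hunk (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H`, i.e. `I:N`, no integrity impact); either drop that boilerplate sentence from the description or align the metrics with it. Two context lines in the same hunk also deserve attention while the file is open: `remediation: Upgrade to 6.3.4 or higher.` contradicts the description's own affected range "3.0.1 through 7.0.1" (6.3.4 falls inside it), and `https://nvd.nist.gov/vuln/detail/CVE-2020-13379` is listed twice under `reference:`, so one copy should go.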
@ -44,4 +44,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by md on 2023/04/12
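Review bot: the only content visible in this hunk is `- 200` appearing twice under `status:` plus the trailing `# Enhanced by md on 2023/04/12` comment, which reads as an indentation-only change to the matcher; because the rendered view strips leading whitespace, confirm that the re-indented `- 200` still nests under `status:` at the same depth as the `- type: status` item, since a shifted YAML list indentation changes what the matcher parses to without any error being reported.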