CVE-2020-13379

Name: CVE-2020-13379

Description: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DoS'ing Grafana via SegFault.

NVD Severity: high

References

Type URI
Mailing List http://www.openwall.com/lists/oss-security/2020/06/03/4
Release Notes https://community.grafana.com/t/release-notes-v6-7-x/27119
Release Notes https://community.grafana.com/t/release-notes-v7-0-x/29381
Vendor Advisory https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408
Vendor Advisory https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
Third Party Advisory https://security.netapp.com/advisory/ntap-20200608-0006/
Mailing List http://www.openwall.com/lists/oss-security/2020/06/09/2
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
Exploit https://mostwanted002.cf/post/grafanados/
Exploit http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
Exploit https://rhynorater.github.io/CVE-2020-13379-Write-Up
Mailing List https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
Mailing List https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E
Mailing List https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E

Match rules

CPE URI: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Source package: grafana
Min version: >= 3.0.1
Max version: <= 7.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status