Lucene search
Redhat.comRH:CVE-2020-13379HistoryJun 03, 2020 - 5:21 p.m.
CVE-2020-13379
2020-06-0317:21:50
redhat.com
access.redhat.com
26
0.717 High
EPSS
Percentile
98.1%
An SSRF incorrect access control vulnerability was found in Grafana regarding the avatar feature, allowing any unauthenticated user or client to make Grafana send HTTP requests to any URL and then return its result to the user or client. Additionally, the same issue can create a NULL pointer dereference vulnerability. This flaw allows an attacker to gain information about the network that Grafana is running on, or cause a segmentation fault, resulting in a denial of service.
Mitigation
This issue can be mitigated by blocking access to the URL path /avatar/*, through a method such as a reverse proxy, load balancer, application firewall etc.
Related
nessus
nessus
CentOS 8 : grafana (CESA-2020:2641)
2021-02-01 00:00:00
Oracle Linux 8 : grafana (ELSA-2020-2641)
2020-06-24 00:00:00
Fedora 31 : grafana (2020-e6e81a03d6)
2020-06-17 00:00:00
cve
cve
CVE-2020-13379
2020-06-03 19:15:10
osv
osv
BIT-grafana-2020-13379
2024-03-06 11:01:01
CVE-2020-13379
2020-06-03 19:15:10
Server Side Request Forgery in Grafana
2022-02-15 01:57:18
packetstorm
packetstorm
Grafana 7.0.1 Denial Of Service
2020-07-06 00:00:00
avleonov
avleonov
How to list, create, update and delete Grafana dashboards via API
2020-06-10 00:46:05
redhat
redhat
(RHSA-2020:2641) Important: grafana security update
2020-06-22 06:50:20
(RHSA-2020:2676) Important: grafana security update
2020-06-23 12:35:52
oraclelinux
oraclelinux
grafana security update
2020-06-22 00:00:00
grafana kubernetes-cni kubernetes-cni-plugins kubernetes kubernetes olcne security update
2020-06-12 00:00:00
grafana security, bug fix, and enhancement update
2020-11-10 00:00:00
zdt
zdt
Grafana 7.0.1 - Denial of Service Exploit
2020-07-07 00:00:00
prion
prion
Design/Logic Flaw
2020-06-03 19:15:00
veracode
veracode
Server-Side Request Forgery (SSRF)
2020-06-04 04:20:58
github
github
Server Side Request Forgery in Grafana
2022-02-15 01:57:18
alpinelinux
alpinelinux
CVE-2020-13379
2020-06-03 19:15:10
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 7.0.3-alt1
2020-06-04 00:00:00
Security fix for the ALT Linux 9 package grafana version 7.0.3-alt1
2020-06-04 00:00:00
attackerkb
attackerkb
CVE-2020-13379
2020-06-03 00:00:00
openvas
openvas
Grafana 3.0.1 < 6.7.4, 7.0 < 7.0.2 SSRF Vulnerability
2020-06-08 00:00:00
Fedora: Security Advisory for grafana (FEDORA-2020-a09e5be0be)
2020-06-23 00:00:00
openSUSE: Security Advisory for grafana, (openSUSE-SU-2020:0892-1)
2020-06-29 00:00:00
nvd
nvd
CVE-2020-13379
2020-06-03 19:15:10
cvelist
cvelist
CVE-2020-13379
2020-06-03 18:41:09
ubuntucve
ubuntucve
CVE-2020-13379
2020-06-03 00:00:00
nuclei
nuclei
Grafana 3.0.1-7.0.1 - Server-Side Request Forgery
2022-12-08 00:39:09
exploitdb
exploitdb
Grafana 7.0.1 - Denial of Service (PoC)
2020-07-06 00:00:00
suse
suse
Security update for grafana (moderate)
2020-10-10 00:00:00
Security update for grafana, grafana-piechart-panel, grafana-status-panel (moderate)
2020-06-28 00:00:00
Security update for SUSE Manager Client Tools (moderate)
2020-07-27 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: grafana-6.7.4-1.fc32
2020-06-16 01:31:15
[SECURITY] Fedora 31 Update: grafana-6.7.4-1.fc31
2020-06-15 02:07:15