github.com/grafana/grafana is vulnerable to server-side request forgery (SSRF). An unauthenticated remote attacker can make the server send requests on the attacker's behalf and obtain the responses via the avatar URL. This allows the attacker to access and obtain information within the internal network or perform a port scan on the server.
lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html
www.openwall.com/lists/oss-security/2020/06/03/4
www.openwall.com/lists/oss-security/2020/06/09/2
community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408
community.grafana.com/t/release-notes-v6-7-x/27119
community.grafana.com/t/release-notes-v7-0-x/29381
grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E
lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E
lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E
lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E
lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E
lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E
lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E
lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E
lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E
lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E
lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E
lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E
lists.fedoraproject.org/archives/list/[email protected]/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/
lists.fedoraproject.org/archives/list/[email protected]/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/
mostwanted002.cf/post/grafanados/
rhynorater.github.io/CVE-2020-13379-Write-Up
security.netapp.com/advisory/ntap-20200608-0006/