Lucene search

Veracode Vulnerability DatabaseVERACODE:25600

HistoryJun 04, 2020 - 4:20 a.m.

Server-Side Request Forgery (SSRF)

2020-06-0404:20:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.717 High

EPSS

Percentile

98.1%

JSON

github.com/grafana/grafana is vulnerable to server-side request forgery. An unauthenticated remote attacker is able to submit requests on behalf of the server and obtain the response via the avatar URL. This allows the attacker to access and obtain information within the internal network or perform a port scan on the server.

CPENameOperatorVersion
github.com/grafana/grafanale6.7.3
github.com/grafana/grafanale7.0.1
grafanaeq5.0.0__2.el7cp
grafanaeq4.3.2__3.el7rhgs
grafanaeq5.2.4__1.el7cp
grafanaeq2.0.2__8.el7ost
grafanaeq4.3.2__3.el7cp
grafanaeq6.2.2__2.el8
grafanaeq5.2.4__2.el7cp
grafanaeq4.6.4__1.el7rhgs

Name	Operator	Version
github.com/grafana/grafana	le	6.7.3
github.com/grafana/grafana	le	7.0.1
grafana	eq	5.0.0__2.el7cp
grafana	eq	4.3.2__3.el7rhgs
grafana	eq	5.2.4__1.el7cp
grafana	eq	2.0.2__8.el7ost
grafana	eq	4.3.2__3.el7cp
grafana	eq	6.2.2__2.el8
grafana	eq	5.2.4__2.el7cp
grafana	eq	4.6.4__1.el7rhgs

Rows per page:

1-10 of 811

References

lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html

lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html

lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html

lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html

packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html

www.openwall.com/lists/oss-security/2020/06/03/4

www.openwall.com/lists/oss-security/2020/06/09/2

community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408

community.grafana.com/t/release-notes-v6-7-x/27119

community.grafana.com/t/release-notes-v7-0-x/29381

grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/

lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E

lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E

lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E

lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E

lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E

lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E

lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E

lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E

lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E

lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E

lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E

lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E

lists.fedoraproject.org/archives/list/[email protected]/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/

lists.fedoraproject.org/archives/list/[email protected]/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/

mostwanted002.cf/post/grafanados/

rhynorater.github.io/CVE-2020-13379-Write-Up

security.netapp.com/advisory/ntap-20200608-0006/

0.717 High

EPSS

Percentile

98.1%

JSON

Related for VERACODE:25600