Vendor: Grafana
By: mostwanted002
CVSS Score: 8.2 (HIGH)
Vulnerability Type: Denial of Service
CWE: CWE-400
Product Name: Grafana
Affected Version From: 3.0.1
Affected Version To: 7.0.1
Patch Exists: NO
Related CVE: CVE-2020-13379
CPE: a:grafana:grafana:7.0.1
Tags: cve,cve2020,grafana,ssrf
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Nuclei References:
https://github.com/advisories/GHSA-wc9w-wvq2-ffm9, https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192, http://www.openwall.com/lists/oss-security/2020/06/03/4, https://nvd.nist.gov/vuln/detail/CVE-2020-13379, http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
Nuclei Metadata: {'max-request': 1, 'shodan-query': 'title:"Grafana"', 'verified': True, 'vendor': 'grafana', 'product': 'grafana'}
Platforms Tested: Linux
Year: 2020
Grafana 7.0.1 – Denial of Service (PoC)
This script exploits a Denial of Service vulnerability in Grafana version 7.0.1. By sending a specially crafted request to the target, it causes the Grafana server to crash or become unresponsive, resulting in a denial of service condition.
Mitigation:
Apply the vendor-supplied patch or upgrade to a version that is not affected by this vulnerability.