exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2020-13379

Status Candidate

Overview

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.

Related Files

Red Hat Security Advisory 2021-1518-01
Posted May 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1518-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Issues addressed include denial of service and server-side request forgery vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-12059, CVE-2020-13379, CVE-2020-27781, CVE-2021-3139
SHA-256 | e87fb4791772030f72c602aaae9c15e3ccdeb0c201ea244532321266dcf4337a
Red Hat Security Advisory 2021-0083-01
Posted Jan 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0083-01 - The rhceph-4.2 image is based on Red Hat Ceph Storage 4.2 and Red Hat Enterprise Linux. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379, CVE-2020-1971, CVE-2020-24659
SHA-256 | e943336edc5347bcba6786ff67a9a3dc7132f73006690c613ae8589772698114
Red Hat Security Advisory 2020-5599-01
Posted Dec 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5599-01 - Red Hat Gluster Storage is software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379
SHA-256 | c826a3e6f77e38121b24826a3fc0d3b8f56f8eb0cf053f7be968f738b2edbb57
Red Hat Security Advisory 2020-2861-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2861-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include cross site scripting, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11253, CVE-2020-12052, CVE-2020-12245, CVE-2020-13379, CVE-2020-13430, CVE-2020-7660, CVE-2020-7662
SHA-256 | 7d96fd5847793a13da10d62cd136d2c69b8b82bb97c74d6b0116ab9d53ef6f3e
Red Hat Security Advisory 2020-2792-01
Posted Jul 6, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2792-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379
SHA-256 | aebf3b0588993a60453d917fb1503f3720fd2b0796dae569921d987fd81d1bf4
Grafana 7.0.1 Denial Of Service
Posted Jul 6, 2020
Authored by mostwanted002

Grafana version 7.0.1 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2020-13379
SHA-256 | c2b33824f0c2688564f8f963b13b5ec71fc672bdd9957ef87ebc449f73ba2c64
Red Hat Security Advisory 2020-2796-01
Posted Jul 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2796-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include cross site scripting, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-11253, CVE-2019-16769, CVE-2020-12052, CVE-2020-12245, CVE-2020-13379, CVE-2020-13430, CVE-2020-7660, CVE-2020-7662
SHA-256 | 80a98f897d0125587f947d7e21d187fdf53a7ab0eecebcab70a90ca4d0b97ac0
Red Hat Security Advisory 2020-2676-01
Posted Jun 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2676-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379
SHA-256 | 71bd96f028c196f23a94f69fbd4203084fecdacda87d98e83449ce7f9a30e629
Red Hat Security Advisory 2020-2641-01
Posted Jun 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2641-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-13379
SHA-256 | 564c9610e0b10697551a75e1e31c1760faef3d9c10a7ea4796c1ddb4315bd5b4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close