[CVE-2020-13379] Unauthenticated DoS on Grafana 3.0.1 - 7.0.1

Went looking for Copper, found Gold 😆

Researchers:

Mayank Malik

Kartik Sharma

Severity: Medium

Version: 3.0.1 to 7.0.1

Vulnerable Endpoint: http://<grafanaHost>/avatar/*

Request:

request.png

Response:

response.png

Backend:

backend.png

Environment for testing:

Docker Image grafana/grafana:5.3.2

Impact:

This vulnerability crashes the grafana-server application completely.
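A triage sketch for defenders, added here and not part of the original advisory: it checks a version string against the affected range stated above and lists requests to /avatar/ that are not a plain hash lookup. The combined-style proxy log format, the 32-hex-character hash convention and the sample log lines are assumptions constructed for illustration.

```python
import re

# Affected range as stated in this advisory: 3.0.1 through 7.0.1, inclusive.
AFFECTED_MIN, AFFECTED_MAX = (3, 0, 1), (7, 0, 1)

# Assumption: combined-style access log from a reverse proxy in front of Grafana.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a routine avatar lookup is /avatar/ followed by a 32-character hex hash.
AVATAR_HASH_RE = re.compile(r"^/avatar/[0-9a-fA-F]{32}$")

# Constructed sample lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Jun/2020:10:00:01 +0000] "GET /avatar/0123456789abcdef0123456789abcdef HTTP/1.1" 200 1482',
    '203.0.113.7 - - [10/Jun/2020:10:00:05 +0000] "GET /avatar/PLACEHOLDER-not-a-hash HTTP/1.1" 502 0',
    '198.51.100.4 - - [10/Jun/2020:10:00:06 +0000] "GET /api/health HTTP/1.1" 502 0',
]


def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.3.2' or 'v6.7.0-beta1'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True when the version falls inside the range this advisory lists."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def unusual_avatar_requests(lines):
    """Return (ip, path, status) for /avatar/ requests that are not a plain hash lookup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or not m["path"].startswith("/avatar/"):
            continue  # unparseable line or a different endpoint
        if not AVATAR_HASH_RE.match(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    print("grafana/grafana:5.3.2 affected:", is_affected("5.3.2"))
    for ip, path, status in unusual_avatar_requests(SAMPLE_LOG):
        print(f"review: {ip} requested {path} (status {status})")
```

A flagged request followed by 5xx responses on unrelated endpoints, as in the sample, is the pattern to correlate with a grafana-server restart.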

Mayank Malik
Red Teaming Enthusiast | Security Researcher | Cloud/Network Architect

Mayank Malik is a tech-savvy Red Team enthusiast who likes to wander around and learn new things. Cryptography, networking and system administration are his forte. He is one of the founding members of the CTF team Abs0lut3Pwn4g3 and a core member of DC 91120 (DEFCON Community Group). Apart from these skills, he is a good communicator and a goal-oriented person.