[CVE-2020-13379] Unauthenticated DoS on Grafana 3.0.1 - 7.0.1
Went looking for Copper, found Gold 😆
Researchers:
Mayank Malik
Kartik Sharma
Severity: Medium
Version: 3.0.1 to 7.0.1
Vulnerable Endpoint: http://<grafanaHost>/avatar/*
Request:
Response:
Backend:
Environment for testing:
Docker Image grafana/grafana:5.3.2
Impact:
This vulnerability crashes the grafana-server application completely.