[CVE-2020-13379] Unauthenticated DoS on Grafana 3.0.1 - 7.0.1
Went looking for Copper, found Gold 😆
Researchers:
Mayank Malik ([email protected])
Kartik Sharma ([email protected])
Severity: Medium
Version: 3.0.1 to 7.0.1
Vulnerable Endpoint: http://<grafanaHost>/avatar/*
Request:
Response:
Backend:
Environment for testing:
Docker Image grafana/grafana:5.3.2
Impact:
This vulnerability results in complete crashing of the grafana-server application.
Mayank Malik
Synack Red Team Member | Threat Analyst | Security Researcher | Cloud/Network Architect
Mayank Malik is a tech savvy person, Red Team Enthusiast, and likes to wander around to learn new stuff. Cryptography, Networking and System Administrations are his forte. He’s one of the Founding Members for CTF Team, Abs0lut3Pwn4g3, and Core Member at DC 91120 (DEFCON Community Group). Apart from the mentioned skills, he’s good at communication skills and is goal oriented person.
