DoS

[CVE-2020-13379] Unauthenticated DoS on Grafana 3.0.1 - 7.0.1

Researchers: Mayank Malik ( [email protected]) Kartik Sharma ( [email protected]) Severity: Medium Version: 3.0.1 to 7.0.1 Vulnerable Endpoint: http://<grafanaHost>/avatar/* Overview Grafana is the open-source analytics & monitoring solution for every database. According to Grafana’s patch notes dated June 3rd, 2020, there was an “Incorrect Access Control” vulnerability in Grafana 3.0.1 through Grafana 7.0.1 on the /avatar feature through which an attacker/adversary was able to perform Server Side Request Forgery (SSRF) attack.