CVE-2020-13379

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
grafanagrafana
3.0.1 ≤
𝑥
≤ 7.0.1
netappe-series_performance_analyzer
-
opensuseleap
15.2
opensusebackports_sle
15.0:sp1
opensusebackports_sle
15.0:sp2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grafana
bionic
dne
eoan
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
grafana
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-azure-monitor
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-cloudwatch
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-elasticsearch
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-graphite
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-influxdb
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-loki
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-mssql
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-mysql
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-opentsdb
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-postgres
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-prometheus
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
grafana-stackdriver
RHEL 8
0:6.3.6-2.el8_2
fixed
RHEL 8.1 E4S
0:6.2.2-6.el8_1
fixed
RHEL 8.1 EUS
0:6.2.2-6.el8_1
fixed
RHEL 8.2 AUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 E4S
0:6.3.6-2.el8_2
fixed
RHEL 8.2 EUS
0:6.3.6-2.el8_2
fixed
RHEL 8.2 TUS
0:6.3.6-2.el8_2
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html
http://www.openwall.com/lists/oss-security/2020/06/03/4
http://www.openwall.com/lists/oss-security/2020/06/09/2
https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408
https://community.grafana.com/t/release-notes-v6-7-x/27119
https://community.grafana.com/t/release-notes-v7-0-x/29381
https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820%40%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2%40%3Cdev.ambari.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/
https://mostwanted002.cf/post/grafanados/
https://rhynorater.github.io/CVE-2020-13379-Write-Up
https://security.netapp.com/advisory/ntap-20200608-0006/
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html
http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html
http://www.openwall.com/lists/oss-security/2020/06/03/4
http://www.openwall.com/lists/oss-security/2020/06/09/2
https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408
https://community.grafana.com/t/release-notes-v6-7-x/27119
https://community.grafana.com/t/release-notes-v7-0-x/29381
https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820%40%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2%40%3Cdev.ambari.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/
https://mostwanted002.cf/post/grafanados/
https://rhynorater.github.io/CVE-2020-13379-Write-Up
https://security.netapp.com/advisory/ntap-20200608-0006/