Описание
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers.
Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity.
This issue was fixed in version 1.5.2
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
7.7 High
CVSS3
9.1 Critical
CVSS3
Дефекты
Связанные уязвимости
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. This issue was fixed in version 1.5.2
Уязвимость компонента webhook системы управления оповещениями Grafana OnCall, позволяющая нарушителю осуществить SSRF-атаку
EPSS
7.7 High
CVSS3
9.1 Critical
CVSS3