Описание
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
An SSRF incorrect access control vulnerability was found in Grafana regarding the avatar feature, allowing any unauthenticated user or client to make Grafana send HTTP requests to any URL and then return its result to the user or client. Additionally, the same issue can create a NULL pointer dereference vulnerability. This flaw allows an attacker to gain information about the network that Grafana is running on, or cause a segmentation fault, resulting in a denial of service.
Отчет
In both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the Grafana containers are behind OpenShift OAuth restricting access to the vulnerable path to authenticated users only. However, other pods may still access the vulnerable URL within the cluster. Therefore the impact is moderate for both (OCP and OSSM). Red Hat Ceph Storage 2 is now in Extended Life Support (ELS) Phase of the support. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Ceph Storage Life Cycle: https://access.redhat.com/support/policy/updates/ceph-storage
Меры по смягчению последствий
This issue can be mitigated by blocking access to the URL path /avatar/*, through a method such as a reverse proxy, load balancer, application firewall etc.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | grafana | Will not fix | ||
| Red Hat Ceph Storage 3 | grafana-container | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Will not fix | ||
| OpenShift Service Mesh 1.0 | servicemesh-grafana | Fixed | RHSA-2020:2861 | 07.07.2020 |
| OpenShift Service Mesh 1.1 | servicemesh-grafana | Fixed | RHSA-2020:2796 | 01.07.2020 |
| Red Hat Ceph Storage 3 - ELS | ceph | Fixed | RHSA-2021:1518 | 06.05.2021 |
| Red Hat Ceph Storage 3 - ELS | ceph-ansible | Fixed | RHSA-2021:1518 | 06.05.2021 |
| Red Hat Ceph Storage 3 - ELS | cephmetrics | Fixed | RHSA-2021:1518 | 06.05.2021 |
| Red Hat Ceph Storage 3 - ELS | grafana | Fixed | RHSA-2021:1518 | 06.05.2021 |
| Red Hat Ceph Storage 3 - ELS | tcmu-runner | Fixed | RHSA-2021:1518 | 06.05.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.2 High
CVSS3
Связанные уязвимости
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...
EPSS
8.2 High
CVSS3