cvelist/2020/13xxx/CVE-2020-13379.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-13379",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
                "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
            },
            {
                "refsource": "CONFIRM",
                "name": "http://www.openwall.com/lists/oss-security/2020/06/03/4",
                "url": "http://www.openwall.com/lists/oss-security/2020/06/03/4"
            },
            {
                "refsource": "MISC",
                "name": "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408",
                "url": "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/",
                "url": "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/"
            },
            {
                "refsource": "MISC",
                "name": "https://community.grafana.com/t/release-notes-v7-0-x/29381",
                "url": "https://community.grafana.com/t/release-notes-v7-0-x/29381"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20200608-0006/",
                "url": "https://security.netapp.com/advisory/ntap-20200608-0006/"
            },
            {
                "refsource": "MLIST",
                "name": "[oss-security] 20200609 Re: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379",
                "url": "http://www.openwall.com/lists/oss-security/2020/06/09/2"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2020-e6e81a03d6",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2020-a09e5be0be",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2020:0892",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"
            },
            {
                "refsource": "MISC",
                "name": "https://mostwanted002.cf/post/grafanados/",
                "url": "https://mostwanted002.cf/post/grafanados/"
            },
            {
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html",
                "url": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2020:1105",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"
            },
            {
                "refsource": "MISC",
                "name": "https://rhynorater.github.io/CVE-2020-13379-Write-Up",
                "url": "https://rhynorater.github.io/CVE-2020-13379-Write-Up"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-issues] 20200903 [jira] [Assigned] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-issues] 20200903 [jira] [Created] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2020:1611",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2020:1646",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-issues] 20210121 [jira] [Updated] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-dev] 20210121 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-dev] 20210121 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-dev] 20210121 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-dev] 20210122 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-dev] 20210122 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-dev] 20210122 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-commits] 20210125 [ambari] branch branch-2.7 updated: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379 (#3279)",
                "url": "https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-dev] 20210125 [GitHub] [ambari] payert merged pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ambari-issues] 20210127 [jira] [Resolved] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",
                "url": "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E"
            }
        ]
    }
}
"-Synchronized-Data." 2020-05-22 04:01:16 +00:00			`{`
			`"CVE_data_meta": {`
			`"ASSIGNER": "cve@mitre.org",`
"-Synchronized-Data." 2020-06-03 19:01:33 +00:00			`"ID": "CVE-2020-13379",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "n/a",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "n/a"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2020-05-22 04:01:16 +00:00			`},`
"-Synchronized-Data." 2020-06-03 19:01:33 +00:00			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-05-22 04:01:16 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2020-06-22 14:01:23 +00:00			`"value": "The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault."`
"-Synchronized-Data." 2020-06-03 19:01:33 +00:00			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
			`"name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",`
			`"url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"`
			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "http://www.openwall.com/lists/oss-security/2020/06/03/4",`
			`"url": "http://www.openwall.com/lists/oss-security/2020/06/03/4"`
			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408",`
			`"url": "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408"`
			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/",`
			`"url": "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/"`
			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://community.grafana.com/t/release-notes-v7-0-x/29381",`
			`"url": "https://community.grafana.com/t/release-notes-v7-0-x/29381"`
"-Synchronized-Data." 2020-06-08 13:01:31 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://security.netapp.com/advisory/ntap-20200608-0006/",`
			`"url": "https://security.netapp.com/advisory/ntap-20200608-0006/"`
"-Synchronized-Data." 2020-06-09 12:01:18 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[oss-security] 20200609 Re: Grafana 6.7.4 and 7.0.2 released with fix for CVE-2020-13379",`
			`"url": "http://www.openwall.com/lists/oss-security/2020/06/09/2"`
"-Synchronized-Data." 2020-06-15 04:01:26 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2020-e6e81a03d6",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ/"`
"-Synchronized-Data." 2020-06-16 03:01:19 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2020-a09e5be0be",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO/"`
"-Synchronized-Data." 2020-06-28 12:01:17 +00:00			`},`
			`{`
			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2020:0892",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html"`
"-Synchronized-Data." 2020-07-02 19:01:17 +00:00			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://mostwanted002.cf/post/grafanados/",`
			`"url": "https://mostwanted002.cf/post/grafanados/"`
"-Synchronized-Data." 2020-07-06 23:01:23 +00:00			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html",`
			`"url": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html"`
"-Synchronized-Data." 2020-07-28 00:02:04 +00:00			`},`
			`{`
			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2020:1105",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html"`
"-Synchronized-Data." 2020-08-14 15:01:24 +00:00			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://rhynorater.github.io/CVE-2020-13379-Write-Up",`
			`"url": "https://rhynorater.github.io/CVE-2020-13379-Write-Up"`
"-Synchronized-Data." 2020-09-03 13:01:26 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-issues] 20200903 [jira] [Assigned] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E"`
			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-issues] 20200903 [jira] [Created] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E"`
"-Synchronized-Data." 2020-10-04 18:01:36 +00:00			`},`
			`{`
			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2020:1611",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"`
"-Synchronized-Data." 2020-10-10 18:01:42 +00:00			`},`
			`{`
			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2020:1646",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html"`
"-Synchronized-Data." 2021-01-26 18:02:03 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-issues] 20210121 [jira] [Updated] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E"`
			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-dev] 20210121 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E"`
"-Synchronized-Data." 2021-01-26 20:03:39 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-dev] 20210121 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E"`
			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-dev] 20210121 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E"`
			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-dev] 20210122 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E"`
			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-dev] 20210122 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E"`
			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-dev] 20210122 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E"`
"-Synchronized-Data." 2021-01-26 20:05:42 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-commits] 20210125 [ambari] branch branch-2.7 updated: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379 (#3279)",`
			`"url": "https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E"`
			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-dev] 20210125 [GitHub] [ambari] payert merged pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E"`
"-Synchronized-Data." 2021-01-27 11:00:39 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[ambari-issues] 20210127 [jira] [Resolved] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379",`
			`"url": "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E"`
"-Synchronized-Data." 2020-05-22 04:01:16 +00:00			`}`
			`]`
			`}`
			`}`