.. / CVE-2019-15043

Exploit for Grafana - Improper Access Control (CVE-2019-15043)

Description:

Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.

Nuclei Template

View the template here CVE-2019-15043.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-15043.yaml

References:

https://aaron-hoffmann.com/posts/cve-2019-15043/
https://bugzilla.redhat.com/show_bug.cgi?id=1746945
https://nvd.nist.gov/vuln/detail/CVE-2019-15043
https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15043
https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/

.. / CVE-2019-15043 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Grafana - Improper Access Control (CVE-2019-15043)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-15043