# Grafana SQL Expressions Allow Remote Code Execution
## Vulnerability overview
Grafana's experimental SQL Expressions feature allows the evaluation of `duckdb` queries that contain user input. Because these queries are not sufficiently sanitized before being passed to `duckdb`, the feature is vulnerable to command injection and local file inclusion.
## Affected versions
No specific version information.
## Vulnerability details
Any user with the VIEWER permission or higher can carry out this attack. The vulnerability can only be triggered if the `duckdb` binary is present in Grafana's $PATH; by default, this binary is not installed in Grafana distributions.
## Impact
- Allows low-privileged users to perform command injection and local file inclusion attacks.
- Exploitation requires the `duckdb` binary to be present on the system.
| # | POC description | Source link | 神龙 link |
|---|---|---|---|
| 1 | Exploit for Grafana arbitrary file-read (CVE-2024-9264) | https://github.com/nollium/CVE-2024-9264 | POC details |
| 2 | File Read Proof of Concept for CVE-2024-9264 | https://github.com/z3k0sec/File-Read-CVE-2024-9264 | POC details |
| 3 | Exploit for Grafana arbitrary file-read (CVE-2024-9264) | https://github.com/zgimszhd61/CVE-2024-9264 | POC details |
| 4 | Grafana RCE exploit (CVE-2024-9264) | https://github.com/z3k0sec/CVE-2024-9264-RCE-Exploit | POC details |
| 5 | None | https://github.com/PunitTailor55/Grafana-CVE-2024-9264 | POC details |
| 6 | None | https://github.com/zgimszhd61/CVE-2024-9264-RCE | POC details |
| 7 | None | https://github.com/punitdarji/Grafana-CVE-2024-9264 | POC details |
| 8 | The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9264.yaml | POC details |
| 9 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Grafana%20SQL%20%E8%A1%A8%E8%BE%BE%E5%BC%8F%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-9264.md | POC details |
| 10 | A Go implementation for CVE-2024-9264, which affects Grafana versions 11.0.x, 11.1.x, and 11.2.x. | https://github.com/Cythonic1/CVE-2024-9264 | POC details |
| 11 | None | https://github.com/Exerrdev/CVE-2024-9264-Fixed | POC details |
| 12 | None | https://github.com/Royall-Researchers/CVE-2024-9264 | POC details |
| 13 | Grafana RCE | https://github.com/ruizii/CVE-2024-9264 | POC details |
| 14 | Authenticated RCE in Grafana (v11.0) via SQL Expressions - PoC Exploit | https://github.com/rvizx/CVE-2024-9264 | POC details |
| 15 | Grafana image with DuckDB binary present, vulnerable to exploit CVE-2024-9264 | https://github.com/patrickpichler/grafana-CVE-2024-9264 | POC details |