漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Arbitrary Code Execution in Grafana Image Renderer Plugin
Vulnerability Description
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process. Instances are vulnerable if: 1. The default token ("authToken") is not changed, or is known to the attacker. 2. The attacker can reach the image renderer endpoint. This issue affects grafana-image-renderer: from 1.0.0 through 4.0.16.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
grafana-image-renderer 安全漏洞
Vulnerability Description
grafana-image-renderer是Grafana开源的一个 Grafana 后端插件。 grafana-image-renderer 1.0.0版本至4.0.16版本存在安全漏洞,该漏洞源于/render/csv端点未验证filePath参数,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A