Metasploit modules that can be used to exploit Grafana products
-
Grafana Plugin Path Traversal
Disclosure Date: 2021-12-02First seen: 2022-12-23auxiliary/scanner/http/grafana_plugin_traversalGrafana versions 8.0.0-beta1 through 8.3.0 prior to 8.0.7, 8.1.8, 8.2.7, or 8.3.1 are vulnerable to directory traversal through the plugin URL. A valid plugin ID is required, but many are installed by default. Authors: - h00die - jordyv -
Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth
Disclosure Date: 2019-08-14First seen: 2020-04-26auxiliary/admin/http/grafana_auth_bypassThis module generates a remember me cookie for a valid username. Through unpropper seeding while userdate are requested from LDAP or OAuth it's possible to craft a valid remember me cookie. This cookie can be used for bypass authentication for everyone knowing a valid username. Authors: - Rene Riedling - Sebastian Solnica
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details