Grafana mysql background arbitrary file reading vulnerability CVE-2019-19499
Vulnerability Description
Grafana is an open source application for analytics, monitoring, and data visualization.
Vulnerability Impact
Grafana < 6.4.4
Environment setup
docker pull grafana/grafana:6.4.3
docker run -d --name=grafana -p 3000:3000 grafana/grafana:6.4.3
Vulnerability reproduction
Log in to the admin panel with admin/admin and add a MySQL data source.
Fix reference
The root cause is that the database name field of the data source is user-controllable and is passed into the MySQL connection string unchanged, so an attacker can append driver parameters to it. Since the allowAllFiles=true parameter disables the driver's protection against LOCAL INFILE requests, the earlier MySQL client arbitrary file read technique (a malicious server answering with a LOCAL INFILE request) can be used to read any file from the Grafana server.
Create another malicious Mysql: https://github.com/allyshka/Rogue-MySql-Server
Save the data source to trigger the connection and read the file.
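To make the root cause and the fix concrete, the following Go program is an added example written for this page; it is not Grafana's code and not the actual upstream patch. It assumes a data source DSN in the go-sql-driver/mysql format (user:pass@tcp(host:port)/dbname?params) and shows three things: the flawed pattern in which a user-supplied database name is concatenated straight into the DSN, a hardened builder that allow-lists the name (the regex is a conservative hypothetical rule, not Grafana's) and pins allowAllFiles off, and an audit helper a reviewer can run over existing DSNs to flag ones that enable the dangerous parameter.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// vulnerableDSN mirrors the flawed pattern: the user-supplied database name is
// concatenated directly into the driver DSN, so anything after a '?' in the
// name becomes a connection parameter understood by the MySQL driver.
func vulnerableDSN(user, pass, host, db string) string {
	return fmt.Sprintf("%s:%s@tcp(%s)/%s", user, pass, host, db)
}

// dbNameRe is a deliberately conservative allow-list for database names
// (hypothetical rule for this example; real deployments may need a wider set,
// but '?', '/', '&' and '=' must never get through unescaped).
var dbNameRe = regexp.MustCompile(`^[A-Za-z0-9_$]{1,64}$`)

var errBadDBName = errors.New("database name contains characters that are not allowed")

// safeDSN validates the database name before it reaches the DSN and always
// sets allowAllFiles=false explicitly, so the LOCAL INFILE protection of the
// driver stays on no matter what the caller supplied.
func safeDSN(user, pass, host, db string) (string, error) {
	if !dbNameRe.MatchString(db) {
		return "", errBadDBName
	}
	params := url.Values{}
	params.Set("allowAllFiles", "false")
	return fmt.Sprintf("%s:%s@tcp(%s)/%s?%s", user, pass, host, db, params.Encode()), nil
}

// dsnEnablesLocalInfile reports whether a DSN carries allowAllFiles set to a
// true value. The driver accepts "1", "true", "TRUE" and "True", so the check
// is case-insensitive and also covers "1". Parameters start after the '?' that
// follows the last '/' (the database-name separator), which keeps a '?' inside
// the password from being misread as the parameter section.
func dsnEnablesLocalInfile(dsn string) bool {
	slash := strings.LastIndexByte(dsn, '/')
	if slash < 0 {
		return false
	}
	rest := dsn[slash+1:]
	q := strings.IndexByte(rest, '?')
	if q < 0 {
		return false
	}
	values, err := url.ParseQuery(rest[q+1:])
	if err != nil {
		return false
	}
	v := values.Get("allowAllFiles")
	return v == "1" || strings.EqualFold(v, "true")
}

func main() {
	// Constructed sample input: a database name carrying an injected DSN parameter.
	injected := "grafana?allowAllFiles=true"

	fmt.Println("vulnerable builder enables LOCAL INFILE:",
		dsnEnablesLocalInfile(vulnerableDSN("u", "p", "127.0.0.1:3306", injected)))

	if _, err := safeDSN("u", "p", "127.0.0.1:3306", injected); err != nil {
		fmt.Println("hardened builder rejected the name:", err)
	}

	dsn, _ := safeDSN("u", "p", "127.0.0.1:3306", "grafana")
	fmt.Println("hardened DSN:", dsn, "enables LOCAL INFILE:", dsnEnablesLocalInfile(dsn))
}
```

Run it with `go run .`; the injected name is flagged by the audit helper when built the vulnerable way and rejected outright by the hardened builder. The audit helper is the piece worth reusing on its own: run it over every stored data source DSN in a Grafana instance that cannot be upgraded immediately, and treat any hit as a configuration that lets a malicious MySQL server pull files from the host.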
This post is licensed under CC BY 4.0 by the author.