VDB

RHSA-2020%3A2792

RHSA-2020%3A2792 PUBLISHED CVSS 8.199999809265137 HIGH

An SSRF incorrect access control vulnerability was found in Grafana regarding the avatar feature, allowing any unauthenticated user or client to make Grafana send HTTP requests to any URL and then return its result to the user or client. Additionally, the same issue can create a NULL pointer dereference vulnerability. This flaw allows an attacker to gain information about the network that Grafana is running on, or cause a segmentation fault, resulting in a denial of service.

Risk Scores

CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-grafana@sha256:963fe01272ee5fe6deeafa453087f981733c3277944f6d103fd246ea6e21e1a6_amd64 as a component of Red Hat OpenShift Container Platform 4.4openshift4/ose-grafana@sha256:963fe01272ee5fe6deeafa453087f981733c3277944f6d103fd246ea6e21e1a6_amd64
Red Hatopenshift4/ose-grafana@sha256:90ad6cd473e4498fe55ddcd4d169f98233fcb1b5091a665fdc2ca717b1d5af30_s390x as a component of Red Hat OpenShift Container Platform 4.4openshift4/ose-grafana@sha256:90ad6cd473e4498fe55ddcd4d169f98233fcb1b5091a665fdc2ca717b1d5af30_s390x
Red Hatopenshift4/ose-grafana@sha256:fab09ff63ee4cf635faba041aceb9700bef5647776a10b38721fd424cc9bcc85_ppc64le as a component of Red Hat OpenShift Container Platform 4.4openshift4/ose-grafana@sha256:fab09ff63ee4cf635faba041aceb9700bef5647776a10b38721fd424cc9bcc85_ppc64le

Timeline

  • Jul 6, 2020 CVE Published
  • Feb 28, 2026 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›