CVE-2020-10791

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-10791
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10791.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-10791
Published
2020-03-25T14:15:12.447Z
Modified
2025-12-04T21:02:17.537345Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.

References

Affected packages

Git / github.com/it-novum/openitcockpit

Affected ranges

Type
GIT
Repo
https://github.com/it-novum/openitcockpit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

openITCOCKPIT-3.*

openITCOCKPIT-3.0.10
openITCOCKPIT-3.0.10-10
openITCOCKPIT-3.0.10-12
openITCOCKPIT-3.0.10-13
openITCOCKPIT-3.0.10-14
openITCOCKPIT-3.0.10-15
openITCOCKPIT-3.0.10-16
openITCOCKPIT-3.0.10-4
openITCOCKPIT-3.0.10-5
openITCOCKPIT-3.0.10-6
openITCOCKPIT-3.0.10-8
openITCOCKPIT-3.0.11
openITCOCKPIT-3.0.11-3
openITCOCKPIT-3.0.11-4
openITCOCKPIT-3.0.11-6
openITCOCKPIT-3.0.11-7
openITCOCKPIT-3.0.11-8
openITCOCKPIT-3.0.4
openITCOCKPIT-3.0.6-1
openITCOCKPIT-3.0.7
openITCOCKPIT-3.0.8
openITCOCKPIT-3.0.8-2
openITCOCKPIT-3.0.9
openITCOCKPIT-3.1.0
openITCOCKPIT-3.1.1
openITCOCKPIT-3.1.5
openITCOCKPIT-3.2.0
openITCOCKPIT-3.3.0
openITCOCKPIT-3.3.0-3
openITCOCKPIT-3.4.2
openITCOCKPIT-3.4.3
openITCOCKPIT-3.5.0
openITCOCKPIT-3.6.0
openITCOCKPIT-3.6.1
openITCOCKPIT-3.6.1-2
openITCOCKPIT-3.7.1
openITCOCKPIT-3.7.2

Git / github.com/openitcockpit/openitcockpit

Affected ranges

Type
GIT
Repo
https://github.com/openitcockpit/openitcockpit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

openITCOCKPIT-3.*

openITCOCKPIT-3.0.10-12
openITCOCKPIT-3.0.10-13
openITCOCKPIT-3.0.10-14
openITCOCKPIT-3.0.10-15
openITCOCKPIT-3.0.10-16
openITCOCKPIT-3.0.10-4
openITCOCKPIT-3.0.10-8
openITCOCKPIT-3.0.11
openITCOCKPIT-3.0.11-3
openITCOCKPIT-3.0.11-7
openITCOCKPIT-3.0.11-8
openITCOCKPIT-3.0.4
openITCOCKPIT-3.0.6-1
openITCOCKPIT-3.0.7
openITCOCKPIT-3.0.8
openITCOCKPIT-3.0.8-2
openITCOCKPIT-3.0.9
openITCOCKPIT-3.1.0
openITCOCKPIT-3.1.1
openITCOCKPIT-3.2.0
openITCOCKPIT-3.3.0-3
openITCOCKPIT-3.5.0
openITCOCKPIT-3.6.1
openITCOCKPIT-3.6.1-2
openITCOCKPIT-3.7.1
openITCOCKPIT-3.7.2