z3k0sec/File-Read-CVE-2024-9264

File-Read-CVE-2024-9264

Proof Of Concept for File Read in Grafana (CVE-2024-9264)

Prerequisites

  • authenticated Grafana user with Viewer permissions or higher
  • DuckDB binary must be installed and accessible through Grafana's PATH

Impacted version

Grafana >= v11.0.0 (all v11.x.y are impacted)
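
To check whether a Grafana host you operate meets both prerequisites, the sketch below tests the version string and resolves duckdb against the Grafana process's own PATH rather than your shell's. It is an added example, not part of this repository or its poc.py. It assumes Linux (the process environment is read from /proc/<pid>/environ), its function names and sample environment block are constructed for illustration, and it does not distinguish the fixed builds listed in the Grafana security release linked under More.

```python
import re
import shutil


def version_in_impacted_line(version: str) -> bool:
    """True for any 11.x.y string, e.g. 'v11.2.1' or 'Version 11.0.0 (commit: abc)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"no x.y.z version found in {version!r}")
    return int(m.group(1)) == 11  # the 11.x line named on the page


def path_from_environ(blob: bytes) -> str:
    """Extract PATH from a NUL-separated environment block (/proc/<pid>/environ)."""
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key == b"PATH":
            return value.decode("utf-8", "surrogateescape")
    return ""


def find_duckdb(process_path: str):
    """Resolve 'duckdb' as the Grafana process would, using its PATH, not ours."""
    if not process_path:
        return None
    return shutil.which("duckdb", path=process_path)


def assess(version: str, environ_blob: bytes) -> dict:
    """Report whether both prerequisites from the page hold for this host."""
    duckdb = find_duckdb(path_from_environ(environ_blob))
    impacted = version_in_impacted_line(version)
    return {
        "impacted_version": impacted,
        "duckdb": duckdb,
        "prerequisites_met": impacted and duckdb is not None,
    }


if __name__ == "__main__":
    # Constructed sample input. On a real host, read the bytes of
    # /proc/<grafana pid>/environ and pass the version your install reports.
    sample_environ = b"HOME=/var/lib/grafana\0PATH=/usr/local/bin:/usr/bin:/bin\0"
    print(assess("Version 11.2.0 (commit: constructed)", sample_environ))
```

If duckdb resolves to a path and nothing on the host needs it, removing the binary from that PATH removes the second prerequisite.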

Usage

python3 poc.py [--url <target>] [--user <username>] [--password <password>] [--file <path>]

Example

python3 poc.py --url http://127.0.0.1:3000 --user eviluser --password eviluser --file /etc/passwd

Disclaimer

This script is intended for educational purposes and for use in controlled environments where you have permission to test the security of the system. Misuse of this tool could lead to legal consequences.

More

https://zekosec.com/blog/file-read-grafana-cve-2024-9264/
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/