h0ffayyy (12)

Last Login: March 20, 2021

Assessments

Score

h0ffayyy's Latest (2) Contributions

Sort by:

Filter by:

h0ffayyy assessed CVE-2019-8451

September 26, 2020 6:29pm UTC (3 years ago)•Edited 3 years ago

Ratings

Attacker Value

Medium

Exploitability

High

Easy to weaponize Unauthenticated Vulnerable in default configuration

Technical Analysis

Fairly easy to exploit, but I wasn’t able to do more than send requests from the victim server. May be useful for an attacker to recon internal infrastructure.

My POC can be seen here: https://github.com/h0ffayyy/Jira-CVE-2019-8451

h0ffayyy assessed CVE-2019-15043

September 26, 2020 6:21pm UTC (3 years ago)•Edited 3 years ago

Ratings

Attacker Value

Very Low

Exploitability

Very High

Easy to weaponize Unauthenticated Vulnerable in default configuration No useful access

Technical Analysis

The Dashboard Snapshot API allows an unauthenticated user to create dashboard snapshots. An attacker could generate enough snapshots to eventually fill up the disk on the Grafana server, causing the denial of service.

My proof of concept can be found here: https://github.com/h0ffayyy/CVE-2019-15043

This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.

h0ffayyy (12)

Last Login: March 20, 2021

h0ffayyy's Latest (2) Contributions

Ratings

Technical Analysis

Ratings

Technical Analysis

Quick Cookie Notification