发布时间: 2024年10月25日
修改时间: 2024年10月25日
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 9.4 | 9.9 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Changed | |
| Confidentiality | High | |
| Integrity | High | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-4038 | The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. | 2024年10月25日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | grafana | Unaffected |
| KY3.5.2 | grafana | Unaffected |
| V6 | grafana | Unaffected |
