ГлавнаяУязвимости → CVE-2024-5526
7.7высокая

CVE-2024-5526

→ есть в БДУ: BDU:2024-04492 (на русском)
Описание (на английском; русское — в БДУ выше)

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. This issue was fixed in version 1.5.2

Затрагиваемое ПО
Grafana Oncall
CVSS
Балл7.7 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Источники
https://grafana.com/security/security-advisories/cve-2024-5526/https://grafana.com/security/security-advisories/cve-2024-5526/