$12,000 Grafana SSRF in Gitlab – Bug Bounty Reporting Explained

Subscribe to BBRE Premium: https://bbre.dev/premium
Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

This video is about the SSRF vulnerability in Grafana (CVE-2020-13379) that was reported to GitLab's bug bounty program on HackerOne. The reward for this bug was $12,000 because the SSRF could be chained through redirects to reach the AWS instance metadata endpoint (169.254.169.254), which is the highest-impact target for an SSRF on a cloud-hosted instance.
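The class of bug discussed in the video is an outbound fetch that validates (at most) the first URL and then follows redirects blindly, so a chain of hops can land on the metadata service. The Go program below is an added example written for this page, not Grafana's code and not the upstream fix: it shows the hardening a practitioner would want, namely rejecting link-local, loopback and private destinations, re-checking every redirect hop before it is followed, and pinning the TCP connection to the address that was checked. The `StubResolver` table and its addresses are constructed for the example so it runs offline; real code would pass `net.LookupIP` as the resolver.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// Resolver maps a hostname to its addresses. It is injected so the example
// runs offline with a stub; production code would pass net.LookupIP.
type Resolver func(host string) ([]net.IP, error)

// StubResolver is a constructed name-to-address table for this example only.
// The addresses are illustrative, not real records for these hosts.
func StubResolver(host string) ([]net.IP, error) {
	table := map[string]string{
		"secure.gravatar.com": "192.0.73.2",      // constructed public address
		"metadata.internal":   "169.254.169.254", // a name that hides the metadata address
	}
	if a, ok := table[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, fmt.Errorf("stub resolver: unknown host %q", host)
}

// blockedIP reports whether ip lies in a range an outbound fetcher must never
// reach: loopback, link-local (169.254.0.0/16 contains the AWS metadata
// address 169.254.169.254), RFC 1918 / ULA, unspecified and multicast.
func blockedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsPrivate() ||
		ip.IsUnspecified() || ip.IsMulticast() || ip.IsLinkLocalMulticast() ||
		ip.IsInterfaceLocalMulticast()
}

// resolveAllowed resolves host (or parses it when it is an IP literal) and
// returns the addresses only if every one of them is acceptable.
func resolveAllowed(host string, resolve Resolver) ([]net.IP, error) {
	if host == "" {
		return nil, errors.New("empty host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip}
	} else {
		var err error
		if ips, err = resolve(host); err != nil {
			return nil, err
		}
	}
	if len(ips) == 0 {
		return nil, fmt.Errorf("%s resolved to no addresses", host)
	}
	for _, ip := range ips {
		if blockedIP(ip) {
			return nil, fmt.Errorf("%s resolves to blocked address %s", host, ip)
		}
	}
	return ips, nil
}

// CheckDestination validates a URL the fetcher is about to request: only
// http/https, and the host must not resolve to a blocked address.
func CheckDestination(rawURL string, resolve Resolver) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	_, err = resolveAllowed(u.Hostname(), resolve)
	return err
}

// NewSafeClient returns an http.Client that re-validates every redirect hop
// before it is followed (a chain ending at the metadata service is stopped
// before that request is sent) and dials the address that was validated,
// which also closes the DNS-rebinding window between check and connect.
func NewSafeClient(resolve Resolver) *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	transport := &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			host, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			ips, err := resolveAllowed(host, resolve)
			if err != nil {
				return nil, err
			}
			return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].String(), port))
		},
	}
	return &http.Client{
		Transport: transport,
		Timeout:   10 * time.Second,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 3 {
				return errors.New("too many redirects")
			}
			return CheckDestination(req.URL.String(), resolve)
		},
	}
}

func main() {
	for _, t := range []string{
		"https://secure.gravatar.com/avatar/00000000000000000000000000000000",
		"http://169.254.169.254/latest/meta-data/",
		"http://metadata.internal/latest/meta-data/",
		"http://[::ffff:169.254.169.254]/",
		"file:///etc/passwd",
	} {
		if err := CheckDestination(t, StubResolver); err != nil {
			fmt.Printf("REJECT %s: %v\n", t, err)
		} else {
			fmt.Printf("ALLOW  %s\n", t)
		}
	}
}
```

The decisive part is the `CheckRedirect` hook: Go calls it before each redirected request goes out, so the original URL passing a check is no longer enough for an attacker who controls a later hop. The dial-time pin matters too, since a check that resolves a name and then lets the transport resolve it again can be beaten by a DNS answer that changes between the two lookups.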

Follow me on Twitter:
https://twitter.com/gregxsunday

Report:
https://hackerone.com/reports/878779

Justin Gardner:
https://twitter.com/Rhynorater

His lecture on this topic – talks about further possibilities of exploitation:
Description:
https://rhynorater.github.io/CVE-2020-13379-Write-Up
Video:
https://youtu.be/NWHOmYbLrZ0
Slides: https://docs.google.com/presentation/d/1He_zFFXCuft3LsZTXbHKoDxQHNoSveZg2c2uF1HKuaw/edit

Fragments of the vulnerable Grafana source code:
https://github.com/grafana/grafana/blob/78febbbeef1f23ccbb88c2bd3acd2e9c2011e02a/pkg/api/api.go#L423
https://github.com/grafana/grafana/blob/78febbbeef1f23ccbb88c2bd3acd2e9c2011e02a/pkg/api/avatar/avatar.go

Timestamps:
00:00 Introduction
00:24 Redirect chain
03:56 Payload
04:24 Outro

#grafana #ssrf #gitlab #bug #bounty

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.