HTTP: Grafana Labs Grafana SQL Expressions Command Injection and Local File Inclusion
This signature detects attempts to exploit a known vulnerability in Grafana Labs Grafana. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
The SQL Expressions experimental feature of Grafana allows the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's `$PATH` for this attack to function; by default, this binary is not installed in Grafana distributions.
Affected Products
Grafana grafana
References
CVE: CVE-2024-9264
mx-19.3
vmx-19.3
vsrx-19.2
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vmx-19.4
mx-19.4
srxevo-25.4
vsrx-26.2
srx-26.2
srx-branch-26.2
vsrx3bsd-26.2
mx-12.3
srx-12.3
srx-branch-12.3
vsrx-12.3
Grafana