Summary: Grafana path traversal vulnerabilities have been exploited as part of a larger campaign targeting server-side request forgery (SSRF) flaws across multiple platforms, according to GreyNoise. Over 400 IP addresses have been identified as orchestrating these coordinated attacks, reflecting potential automation in their exploitation strategies. The attacks primarily focused on entities in specific countries, suggesting a directed effort in reconnaissance and exploitation of vulnerabilities.
Affected: Zimbra, GitLab, DotNetNuke, VMware, ColumbiaSoft, Ivanti, BerriAI, OpenBMCS
Keypoints:
- Over 400 IPs were reported targeting multiple SSRF vulnerabilities simultaneously.
- Grafana path traversal attempts have been observed preceding the surge in coordinated SSRF attacks.
- The exploitation allows attackers to identify internal network vulnerabilities and steal credentials, posing serious security risks.
- Previous exploitation of Grafana vulnerabilities facilitated unauthorized access to critical internal data.
- The unusual timing suggests a multi-phase attack strategy focusing on mapping exposed infrastructure before executing further attacks.
Source: https://www.securityweek.com/grafana-flaws-likely-targeted-in-broad-ssrf-exploitation-campaign/