2024-10-18 03:20:52
GRAFANA
PUBLISHED
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafanas $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.