CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 1CVE-2023-1410 – Stored XSS in Graphite FunctionDescription tooltip
https://notcve.org/view.php?id=CVE-2023-1410
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. A flaw was found in Grafana. This flaw allows an attacker to host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed. • https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76 https://grafana.com/security/security-advisories/cve-2023-1410 https://security.netapp.com/advisory/ntap-20230420-0003 https://access.redhat.com/security/cve/CVE-2023-1410 https://bugzilla.redhat.com/show_bug.cgi?id=2181117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0594 – grafana: cross site scripting
https://notcve.org/view.php?id=CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. A flaw was found in the grafana package. This flaw allows a malicious user with the ability to introduce trace data to provide a JavaScript that changes the password for the user viewing the trace view (this could be an admin) to a known password, thus gaining access to the admin account. • https://grafana.com/security/security-advisories/cve-2023-0594 https://access.redhat.com/security/cve/CVE-2023-0594 https://bugzilla.redhat.com/show_bug.cgi?id=2168037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39324 – Grafana vulnerable to spoofing originalUrl of snapshots
https://notcve.org/view.php?id=CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. • https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c https://github.com/grafana/grafana/pull/60232 https://github.com/grafana/grafana/pull/60256 https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw https://access.redhat.com/security/cve/CVE-2022-39324 https://bugzilla.redhat.com/show_bug.cgi?id=2148252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39306 – Grafana contains Improper Input Validation
https://notcve.org/view.php?id=CVE-2022-39306
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. • https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84 https://security.netapp.com/advisory/ntap-20221215-0004 https://access.redhat.com/security/cve/CVE-2022-39306 https://bugzilla.redhat.com/show_bug.cgi?id=2138014 • CWE-20: Improper Input Validation CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39307 – Grafana subject to Exposure of Sensitive Information resulting in User enumeration via forget password
https://notcve.org/view.php?id=CVE-2022-39307
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. • https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5 https://security.netapp.com/advisory/ntap-20221215-0004 https://access.redhat.com/security/cve/CVE-2022-39307 https://bugzilla.redhat.com/show_bug.cgi?id=2138015 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •