CVE-2023-5122 – SSRF in CSV Datasource Plugin
https://notcve.org/view.php?id=CVE-2023-5122
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator Grafana es una plataforma de código abierto para monitoreo y observabilidad. • https://grafana.com/security/security-advisories/cve-2023-5122 https://security.netapp.com/advisory/ntap-20240503-0002 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-5123 – Improper Path Sanitization in JSON Datasource Plugin
https://notcve.org/view.php?id=CVE-2023-5123
The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/) . In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability. El complemento de fuente de datos JSON (https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/) es un complemento mantenido por Grafana Labs para Grafana que permite recuperar y procesar datos JSON desde un endpoint remoto (incluida una subruta específica) configurado por un administrador. • https://grafana.com/security/security-advisories/cve-2023-5123 https://security.netapp.com/advisory/ntap-20240503-0007 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-6152
https://notcve.org/view.php?id=CVE-2023-6152
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. Un usuario que cambia su correo electrónico después de registrarse y verificarlo puede cambiarlo sin verificación en la configuración del perfil. La opción de configuración "verify_email_enabled" solo validará el correo electrónico al registrarse. • https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f https://grafana.com/security/security-advisories/cve-2023-6152 • CWE-863: Incorrect Authorization •
CVE-2023-3010
https://notcve.org/view.php?id=CVE-2023-3010
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability. Grafana es una plataforma de código abierto para monitorización y observabilidad. El complemento del panel WorldMap, versiones anteriores a la 1.0.4, contiene una vulnerabilidad de DOM XSS. • https://grafana.com/security/security-advisories/cve-2023-3010 https://security.netapp.com/advisory/ntap-20240503-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4399
https://notcve.org/view.php?id=CVE-2023-4399
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the characters in the request address. Grafana es una plataforma de código abierto para monitorización y observabilidad. En Grafana Enterprise, la seguridad de solicitudes es una lista de denegación que permite a los administradores configurar Grafana de manera que la instancia no llame a hosts específicos. Sin embargo, la restricción se puede eludir utilizando la codificaciówn punycode de los caracteres en la dirección de solicitud. • https://grafana.com/security/security-advisories/cve-2023-4399 https://security.netapp.com/advisory/ntap-20231208-0003 • CWE-183: Permissive List of Allowed Inputs •