CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0507 – grafana: cross site scripting
https://notcve.org/view.php?id=CVE-2023-0507
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. A flaw was found in the GeoMap Grafana plugin, where a user can store unsanitized HTML in the GeoMap plugin under the Attribution text field, and the client will process it. The vulnerability makes it possible to use XHR to make arbitrary API calls on behalf of the attacked user. This means that a malicious user with editor permissions could alter a GeoMap panel to include JavaScript that changes the password for the user viewing the panel (this could be an admin) to a known password, thus gaining access to the admin account and resulting as the editor becoming an admin. • https://grafana.com/security/security-advisories/cve-2023-0507 https://security.netapp.com/advisory/ntap-20230413-0001 https://access.redhat.com/security/cve/CVE-2023-0507 https://bugzilla.redhat.com/show_bug.cgi?id=2168038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-23498 – When query caching is enabled in Grafana users can query another users session
https://notcve.org/view.php?id=CVE-2022-23498
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. • https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8 https://access.redhat.com/security/cve/CVE-2022-23498 https://bugzilla.redhat.com/show_bug.cgi?id=2167266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23552 – Grafana stored XSS in FileUploader component
https://notcve.org/view.php?id=CVE-2022-23552
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix. • https://github.com/grafana/grafana/commit/1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0 https://github.com/grafana/grafana/commit/8b574e22b53aa4c5a35032a58844fd4aaaa12f5f https://github.com/grafana/grafana/commit/c022534e3848a5d45c0b3face23b43aa44e4400a https://github.com/grafana/grafana/pull/62143 https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv https://access.redhat.com/security/cve/CVE-2022-23552 https://bugzilla.redhat.com/show_bug.cgi?id=2158420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •