CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-1387 – grafana: JWT token leak to data source
https://notcve.org/view.php?id=CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. A flaw was found in Grafana. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue when enabling the "url_login" configuration option. By sending a specially crafted request, an attacker can obtain JWT information and use this to launch further attacks against the affected system. • https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j https://grafana.com/security/security-advisories/cve-2023-1387 https://security.netapp.com/advisory/ntap-20230609-0003 https://access.redhat.com/security/cve/CVE-2023-1387 https://bugzilla.redhat.com/show_bug.cgi?id=2186322 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 1CVE-2023-1410 – Stored XSS in Graphite FunctionDescription tooltip
https://notcve.org/view.php?id=CVE-2023-1410
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. A flaw was found in Grafana. This flaw allows an attacker to host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed. • https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76 https://grafana.com/security/security-advisories/cve-2023-1410 https://security.netapp.com/advisory/ntap-20230420-0003 https://access.redhat.com/security/cve/CVE-2023-1410 https://bugzilla.redhat.com/show_bug.cgi?id=2181117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22462 – Stored XSS in Grafana Text plugin
https://notcve.org/view.php?id=CVE-2023-22462
Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. • https://github.com/grafana/grafana/commit/db83d5f398caffe35c5846cfa7727d1a2a414165 https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462 https://security.netapp.com/advisory/ntap-20230413-0004 https://access.redhat.com/security/cve/CVE-2023-22462 https://bugzilla.redhat.com/show_bug.cgi?id=2164936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0594 – grafana: cross site scripting
https://notcve.org/view.php?id=CVE-2023-0594
Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. A flaw was found in the grafana package. This flaw allows a malicious user with the ability to introduce trace data to provide a JavaScript that changes the password for the user viewing the trace view (this could be an admin) to a known password, thus gaining access to the admin account. • https://grafana.com/security/security-advisories/cve-2023-0594 https://access.redhat.com/security/cve/CVE-2023-0594 https://bugzilla.redhat.com/show_bug.cgi?id=2168037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0507 – grafana: cross site scripting
https://notcve.org/view.php?id=CVE-2023-0507
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. A flaw was found in the GeoMap Grafana plugin, where a user can store unsanitized HTML in the GeoMap plugin under the Attribution text field, and the client will process it. The vulnerability makes it possible to use XHR to make arbitrary API calls on behalf of the attacked user. This means that a malicious user with editor permissions could alter a GeoMap panel to include JavaScript that changes the password for the user viewing the panel (this could be an admin) to a known password, thus gaining access to the admin account and resulting as the editor becoming an admin. • https://grafana.com/security/security-advisories/cve-2023-0507 https://security.netapp.com/advisory/ntap-20230413-0001 https://access.redhat.com/security/cve/CVE-2023-0507 https://bugzilla.redhat.com/show_bug.cgi?id=2168038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •