Page 4 of 73 results (0.004 seconds)

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. • https://github.com/grafana/grafana/commit/db83d5f398caffe35c5846cfa7727d1a2a414165 https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462 https://security.netapp.com/advisory/ntap-20230413-0004 https://access.redhat.com/security/cve/CVE-2023-22462 https://bugzilla.redhat.com/show_bug.cgi?id=2164936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. A flaw was found in the grafana package. This flaw allows a malicious user with the ability to introduce trace data to provide a JavaScript that changes the password for the user viewing the trace view (this could be an admin) to a known password, thus gaining access to the admin account. • https://grafana.com/security/security-advisories/cve-2023-0594 https://access.redhat.com/security/cve/CVE-2023-0594 https://bugzilla.redhat.com/show_bug.cgi?id=2168037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. A flaw was found in the GeoMap Grafana plugin, where a user can store unsanitized HTML in the GeoMap plugin under the Attribution text field, and the client will process it. The vulnerability makes it possible to use XHR to make arbitrary API calls on behalf of the attacked user. This means that a malicious user with editor permissions could alter a GeoMap panel to include JavaScript that changes the password for the user viewing the panel (this could be an admin) to a known password, thus gaining access to the admin account and resulting as the editor becoming an admin. • https://grafana.com/security/security-advisories/cve-2023-0507 https://security.netapp.com/advisory/ntap-20230413-0001 https://access.redhat.com/security/cve/CVE-2023-0507 https://bugzilla.redhat.com/show_bug.cgi?id=2168038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. • https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8 https://access.redhat.com/security/cve/CVE-2022-23498 https://bugzilla.redhat.com/show_bug.cgi?id=2167266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix. • https://github.com/grafana/grafana/commit/1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0 https://github.com/grafana/grafana/commit/8b574e22b53aa4c5a35032a58844fd4aaaa12f5f https://github.com/grafana/grafana/commit/c022534e3848a5d45c0b3face23b43aa44e4400a https://github.com/grafana/grafana/pull/62143 https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv https://access.redhat.com/security/cve/CVE-2022-23552 https://bugzilla.redhat.com/show_bug.cgi?id=2158420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •