CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-23498 – When query caching is enabled in Grafana users can query another users session
https://notcve.org/view.php?id=CVE-2022-23498
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. • https://github.com/grafana/grafana/security/advisories/GHSA-2j8f-6whh-frc8 https://access.redhat.com/security/cve/CVE-2022-23498 https://bugzilla.redhat.com/show_bug.cgi?id=2167266 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23552 – Grafana stored XSS in FileUploader component
https://notcve.org/view.php?id=CVE-2022-23552
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix. • https://github.com/grafana/grafana/commit/1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0 https://github.com/grafana/grafana/commit/8b574e22b53aa4c5a35032a58844fd4aaaa12f5f https://github.com/grafana/grafana/commit/c022534e3848a5d45c0b3face23b43aa44e4400a https://github.com/grafana/grafana/pull/62143 https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv https://access.redhat.com/security/cve/CVE-2022-23552 https://bugzilla.redhat.com/show_bug.cgi?id=2158420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39324 – Grafana vulnerable to spoofing originalUrl of snapshots
https://notcve.org/view.php?id=CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. • https://github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a https://github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c https://github.com/grafana/grafana/pull/60232 https://github.com/grafana/grafana/pull/60256 https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw https://access.redhat.com/security/cve/CVE-2022-39324 https://bugzilla.redhat.com/show_bug.cgi?id=2148252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-44643 – Access policy with access to all tenants and using label selectors has more access
https://notcve.org/view.php?id=CVE-2022-44643
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64. Una vulnerabilidad en el control de acceso basado en etiquetas de Grafana Labs Grafana Enterprise Metrics permite a un atacante tener más acceso del previsto. Si a una política de acceso que tiene restricciones del selector de etiquetas también se le ha otorgado acceso a todos los inquilinos del sistema, las restricciones del selector de etiquetas no se aplicarán cuando se use esta política con las versiones afectadas del software. • https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v171----november-14th-2022 https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v231----november-14th-2022 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46156 – Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information
https://notcve.org/view.php?id=CVE-2022-46156
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identified with that token. The Synthetic Monitoring API will reject connections from already-connected agents, so access to the token does not guarantee access to the checks. • https://github.com/grafana/synthetic-monitoring-agent/commit/d8dc7f9c1c641881cbcf0a09e178b90ebf0f0228 https://github.com/grafana/synthetic-monitoring-agent/pull/373 https://github.com/grafana/synthetic-monitoring-agent/pull/374 https://github.com/grafana/synthetic-monitoring-agent/pull/375 https://github.com/grafana/synthetic-monitoring-agent/releases/tag/v0.12.0 https://github.com/grafana/synthetic-monitoring-agent/security/advisories/GHSA-9j4f-f249-q5w8 • CWE-489: Active Debug Code CWE-749: Exposed Dangerous Method or Function •