CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31107 – Grafana account takeover via OAuth vulnerability
https://notcve.org/view.php?id=CVE-2022-31107
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. • https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31107 https://bugzilla.redhat.com/show_bug.cgi?id=2104367 • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31097 – Stored XSS in Grafana's Unified Alerting
https://notcve.org/view.php?id=CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. • https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31097 https://bugzilla.redhat.com/show_bug.cgi?id=2104365 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-32276
https://notcve.org/view.php?id=CVE-2022-32276
Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability ** EN DISPUTA ** Grafana versión 8.4.3, permite el acceso no autenticado por medio de (por ejemplo) un URI /dashboard/snapshot/*?orgId=0. NOTA: el proveedor considera que esto es un error de la interfaz de usuario, no una vulnerabilidad • https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-32275
https://notcve.org/view.php?id=CVE-2022-32275
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content ** EN DISPUTA ** Grafana versión 8.4.3, permite leer archivos por medio de (por ejemplo) un /dashboard/snapshot/%7B%7Bconstructor.constructor"/. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTA: la posición del proveedor es que no hay ninguna vulnerabilidad; esta petición produce una página de error benigna, no el contenido de /etc/passwd. • https://github.com/BrotherOfJhonny/grafana https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 https://github.com/grafana/grafana/issues/50341#issuecomment-1155252393 https://grafana.com https://security.netapp.com/advisory/ntap-20220715-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29170 – Grafana Enterprise datasource network restrictions bypass via HTTP redirects
https://notcve.org/view.php?id=CVE-2022-29170
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. • https://github.com/yijikeji/CVE-2022-29170 https://github.com/grafana/grafana/pull/49240 https://github.com/grafana/grafana/releases/tag/v7.5.16 https://github.com/grafana/grafana/releases/tag/v8.5.3 https://github.com/grafana/grafana/security/advisories/GHSA-9rrr-6fq2-4f99 https://security.netapp.com/advisory/ntap-20220707-0005 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •