CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31097 – Stored XSS in Grafana's Unified Alerting
https://notcve.org/view.php?id=CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. • https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31097 https://bugzilla.redhat.com/show_bug.cgi?id=2104365 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-32276
https://notcve.org/view.php?id=CVE-2022-32276
Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability ** EN DISPUTA ** Grafana versión 8.4.3, permite el acceso no autenticado por medio de (por ejemplo) un URI /dashboard/snapshot/*?orgId=0. NOTA: el proveedor considera que esto es un error de la interfaz de usuario, no una vulnerabilidad • https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-32275
https://notcve.org/view.php?id=CVE-2022-32275
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content ** EN DISPUTA ** Grafana versión 8.4.3, permite leer archivos por medio de (por ejemplo) un /dashboard/snapshot/%7B%7Bconstructor.constructor"/. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTA: la posición del proveedor es que no hay ninguna vulnerabilidad; esta petición produce una página de error benigna, no el contenido de /etc/passwd. • https://github.com/BrotherOfJhonny/grafana https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 https://github.com/grafana/grafana/issues/50341#issuecomment-1155252393 https://grafana.com https://security.netapp.com/advisory/ntap-20220715-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-29170 – Grafana Enterprise datasource network restrictions bypass via HTTP redirects
https://notcve.org/view.php?id=CVE-2022-29170
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. • https://github.com/yijikeji/CVE-2022-29170 https://github.com/grafana/grafana/pull/49240 https://github.com/grafana/grafana/releases/tag/v7.5.16 https://github.com/grafana/grafana/releases/tag/v8.5.3 https://github.com/grafana/grafana/security/advisories/GHSA-9rrr-6fq2-4f99 https://security.netapp.com/advisory/ntap-20220707-0005 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28660
https://notcve.org/view.php?id=CVE-2022-28660
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode El componente querier en Grafana Enterprise Logs versiones 1.1.x hasta 1.3.x anteriores a 1.4.0, no requiere autenticación cuando es usado X-Scope-OrgID. Las versiones 1.2.1, 1.3.1 y 1.4.0, contienen una corrección de errores. Esto afecta a -auth.type=enterprise en el modo de microservicios • https://grafana.com/docs/enterprise-logs/latest/gel-releases/#v121----may-3-2022 https://security.netapp.com/advisory/ntap-20220707-0004 • CWE-306: Missing Authentication for Critical Function •