CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31176 – Grafana Image Renderer leaking files
https://notcve.org/view.php?id=CVE-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). • https://github.com/grafana/grafana-image-renderer/pull/364 https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5 https://security.netapp.com/advisory/ntap-20221209-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31107 – Grafana account takeover via OAuth vulnerability
https://notcve.org/view.php?id=CVE-2022-31107
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. • https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31107 https://bugzilla.redhat.com/show_bug.cgi?id=2104367 • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31097 – Stored XSS in Grafana's Unified Alerting
https://notcve.org/view.php?id=CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. • https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-5-9 https://grafana.com/docs/grafana/latest/release-notes/release-notes-9-0-3 https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10 https://security.netapp.com/advisory/ntap-20220901-0010 https://access.redhat.com/security/cve/CVE-2022-31097 https://bugzilla.redhat.com/show_bug.cgi?id=2104365 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-32276
https://notcve.org/view.php?id=CVE-2022-32276
Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability ** EN DISPUTA ** Grafana versión 8.4.3, permite el acceso no autenticado por medio de (por ejemplo) un URI /dashboard/snapshot/*?orgId=0. NOTA: el proveedor considera que esto es un error de la interfaz de usuario, no una vulnerabilidad • https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-32275
https://notcve.org/view.php?id=CVE-2022-32275
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content ** EN DISPUTA ** Grafana versión 8.4.3, permite leer archivos por medio de (por ejemplo) un /dashboard/snapshot/%7B%7Bconstructor.constructor"/. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTA: la posición del proveedor es que no hay ninguna vulnerabilidad; esta petición produce una página de error benigna, no el contenido de /etc/passwd. • https://github.com/BrotherOfJhonny/grafana https://github.com/BrotherOfJhonny/grafana/blob/main/README.md https://github.com/grafana/grafana/issues/50336 https://github.com/grafana/grafana/issues/50341#issuecomment-1155252393 https://grafana.com https://security.netapp.com/advisory/ntap-20220715-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •