CVE-2023-0594

grafana: cross site scripting

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVD
RedHat

Grafana is an open-source platform for monitoring and observability.

Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization.

The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded.

An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript.

This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard.

Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.

A flaw was found in the grafana package. This flaw allows a malicious user with the ability to introduce trace data to provide a JavaScript that changes the password for the user viewing the trace view (this could be an admin) to a known password, thus gaining access to the admin account.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-01-31 CVE Reserved
2023-03-01 CVE Published
2024-08-02 CVE Updated
2024-09-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CAPEC

CAPEC-592: Stored XSS

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://grafana.com/security/security-advisories/cve-2023-0594	2023-11-07
https://access.redhat.com/security/cve/CVE-2023-0594	2024-02-08
https://bugzilla.redhat.com/show_bug.cgi?id=2168037	2024-02-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 7.0.0 < 8.5.21 Search vendor "Grafana" for product "Grafana" and version " >= 7.0.0 < 8.5.21"		-		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 9.2.0 < 9.2.13 Search vendor "Grafana" for product "Grafana" and version " >= 9.2.0 < 9.2.13"		-		Affected
Grafana Search vendor "Grafana"		Grafana Search vendor "Grafana" for product "Grafana"				>= 9.3.0 < 9.3.8 Search vendor "Grafana" for product "Grafana" and version " >= 9.3.0 < 9.3.8"		-		Affected