CVE-2023-22462
Stored XSS in Grafana Text plugin
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. Another user needs to edit the same Text panel, and click on "Markdown" or "HTML" for the code to be executed. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. This issue has been patched in versions 9.2.10 and 9.3.4.
A flaw was found in the Grafana core plugin, "Text." The vulnerability was possible due to React's render cycle that will pass through unsanitized HTML code. However, the HTML is cleaned and saved in Grafana's database in the next cycle. An attacker needs the Editor role in changing a Text panel to include JavaScript. Later, another user needs to edit the same Text panel and click "Markdown" or "HTML" to execute the code. This issue allows possible vertical privilege escalation, where a user with an Editor role can change to a known password for a user having an Admin role if the user with an Admin role executes malicious JavaScript viewing a dashboard.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-12-29 CVE Reserved
- 2023-03-02 CVE Published
- 2024-09-22 EPSS Updated
- 2024-10-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20230413-0004 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf | 2024-02-01 | |
https://access.redhat.com/security/cve/CVE-2023-22462 | 2024-02-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2164936 | 2024-02-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Grafana Search vendor "Grafana" | Grafana Search vendor "Grafana" for product "Grafana" | >= 9.2.0 < 9.2.10 Search vendor "Grafana" for product "Grafana" and version " >= 9.2.0 < 9.2.10" | - |
Affected
| ||||||
Grafana Search vendor "Grafana" | Grafana Search vendor "Grafana" for product "Grafana" | >= 9.3.0 < 9.3.4 Search vendor "Grafana" for product "Grafana" and version " >= 9.3.0 < 9.3.4" | - |
Affected
|