FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
e6281d88-a7a7-11ed-8d6a-6c3be5272acd | Grafana -- Spoofing originalUrl of snapshots
Grafana Labs reports:
A third-party penetration test of Grafana found a vulnerability
in the snapshot functionality. The value of the originalUrl parameter
is automatically generated. The purpose of the presented originalUrl parameter
is to provide a user who views the snapshot with the possibility to click
on the Local Snapshot button in the Grafana web UI
and be presented with the dashboard that the snapshot captured. The value
of the originalUrl parameter can be arbitrarily chosen by a malicious user that
creates the snapshot. (Note: This can be done by editing the query thanks
to a web proxy like Burp.)
We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM
(CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).
Discovery 2023-01-25 Entry 2023-02-09 grafana
ge 8.0.0 lt 8.5.16
ge 9.0.0 lt 9.2.10
ge 9.3.0 lt 9.3.4
grafana8
ge 8.0.0 lt 8.5.16
grafana9
ge 9.0.0 lt 9.2.10
ge 9.3.0 lt 9.3.4
CVE-2022-39324
https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
|