FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: e6281d88-a7a7-11ed-8d6a-6c3be5272acd
Description: Grafana -- Spoofing originalUrl of snapshots

Grafana Labs reports:

A third-party penetration test of Grafana found a vulnerability in the snapshot functionality. The value of the originalUrl parameter is automatically generated. The purpose of the presented originalUrl parameter is to provide a user who views the snapshot with the possibility to click on the Local Snapshot button in the Grafana web UI and be presented with the dashboard that the snapshot captured. The value of the originalUrl parameter can be arbitrarily chosen by a malicious user that creates the snapshot. (Note: This can be done by editing the query thanks to a web proxy like Burp.)

We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).


Discovery: 2023-01-25
Entry: 2023-02-09

Affected packages:

grafana
    ge 8.0.0 lt 8.5.16
    ge 9.0.0 lt 9.2.10
    ge 9.3.0 lt 9.3.4

grafana8
    ge 8.0.0 lt 8.5.16

grafana9
    ge 9.0.0 lt 9.2.10
    ge 9.3.0 lt 9.3.4

CVE-2022-39324
https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw