FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
fdbe9aec-118b-11ee-908a-6c3be5272acd    Grafana -- Account takeover / authentication bypass

Grafana Labs reports:

Grafana validates Azure Active Directory accounts based on the email claim. On Azure AD, the profile email field is not unique across Azure AD tenants. This can enable a Grafana account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application.

The CVSS score for this vulnerability is 9.4 Critical.


Discovery 2023-06-22
Entry 2023-06-23
grafana: ge 6.7.0 lt 8.5.27; ge 9.0.0 lt 9.2.20; ge 9.3.0 lt 9.3.16; ge 9.4.0 lt 9.4.13; ge 9.5.0 lt 9.5.5; ge 10.0.0 lt 10.0.1
grafana8: < 8.5.27
grafana9: < 9.2.20; ge 9.3.0 lt 9.3.16; ge 9.4.0 lt 9.4.13; ge 9.5.0 lt 9.5.5
grafana10: < 10.0.1

CVE-2023-3128
https://grafana.com/security/security-advisories/cve-2023-3128
0b85b1cd-e468-11ed-834b-6c3be5272acd    Grafana -- Critical vulnerability in golang

Grafana Labs reports:

An issue in how Go handles backticks (`) with JavaScript can lead to an injection of arbitrary code into Go templates. While Grafana Labs software contains potentially vulnerable versions of Go, we have not identified any exploitable use cases at this time.

The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).


Discovery 2023-04-19
Entry 2023-04-26
grafana: < 8.5.24; ge 9.0.0 lt 9.2.17; ge 9.3.0 lt 9.3.13; ge 9.4.0 lt 9.4.9
grafana8: < 8.5.24
grafana9: < 9.2.17; ge 9.3.0 lt 9.3.13; ge 9.4.0 lt 9.4.9

CVE-2023-24538
https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/
955eb3cc-ce0b-11ed-825f-6c3be5272acd    Grafana -- Stored XSS in Graphite FunctionDescription tooltip

Grafana Labs reports:

When a user adds a Graphite data source, they can then use the data source in a dashboard. This capability contains a feature to use Functions. Once a function is selected, a small tooltip appears when hovering over the name of the function. This tooltip allows you to delete the selected Function from your query or show the Function Description. However, no sanitization is done when adding this description to the DOM.

Since it is not uncommon to connect to public data sources, an attacker could host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed.

The severity of this vulnerability is of CVSSv3.1 5.7 Medium (CVSS: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N (5.7)).


Discovery 2023-03-14
Entry 2023-03-29
grafana: < 8.5.22; ge 9.0.0 lt 9.2.15; ge 9.3.0 lt 9.3.11; ge 9.4.0 lt 9.4.7
grafana8: < 8.5.22
grafana9: < 9.2.15; ge 9.3.0 lt 9.3.11; ge 9.4.0 lt 9.4.7

CVE-2023-1410
https://grafana.com/security/security-advisories/cve-2023-1410/
e6281d88-a7a7-11ed-8d6a-6c3be5272acd    Grafana -- Spoofing originalUrl of snapshots

Grafana Labs reports:

A third-party penetration test of Grafana found a vulnerability in the snapshot functionality. The value of the originalUrl parameter is automatically generated. The purpose of the presented originalUrl parameter is to provide a user who views the snapshot with the possibility to click on the Local Snapshot button in the Grafana web UI and be presented with the dashboard that the snapshot captured. The value of the originalUrl parameter can be arbitrarily chosen by a malicious user that creates the snapshot. (Note: This can be done by editing the query thanks to a web proxy like Burp.)

We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).


Discovery 2023-01-25
Entry 2023-02-09
grafana: ge 8.0.0 lt 8.5.16; ge 9.0.0 lt 9.2.10; ge 9.3.0 lt 9.3.4
grafana8: ge 8.0.0 lt 8.5.16
grafana9: ge 9.0.0 lt 9.2.10; ge 9.3.0 lt 9.3.4

CVE-2022-39324
https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
6dccc186-b824-11ed-b695-6c3be5272acd    Grafana -- Stored XSS in text panel plugin

Grafana Labs reports:

During an internal audit of Grafana on January 1, a member of the security team found a stored XSS vulnerability affecting the core text plugin.

The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React’s render cycle that will pass through the unsanitized HTML code, but in the next cycle, the HTML is cleaned up and saved in Grafana’s database.

The CVSS score for this vulnerability is 6.4 Medium (CVSS:6.4/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).


Discovery 2023-01-01
Entry 2023-03-01
grafana: ge 9.2.0 lt 9.2.10; ge 9.3.0 lt 9.3.4
grafana9: ge 9.2.0 lt 9.2.10; ge 9.3.0 lt 9.3.4


CVE-2023-22462
https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf
e7841611-b808-11ed-b695-6c3be5272acd    Grafana -- Stored XSS in TraceView panel

Grafana Labs reports:

During an internal audit of Grafana on January 30, a member of the engineering team found a stored XSS vulnerability affecting the TraceView panel.

The stored XSS vulnerability was possible because the value of a span’s attributes/resources were not properly sanitized, and this will be rendered when the span’s attributes/resources are expanded.

The CVSS score for this vulnerability is 7.3 High (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).


Discovery 2023-01-30
Entry 2023-03-01
grafana: < 8.5.21; ge 9.0.0 lt 9.2.13; ge 9.3.0 lt 9.3.8
grafana8: < 8.5.21
grafana9: ge 9.0.0 lt 9.2.13; ge 9.3.0 lt 9.3.8


CVE-2023-0594
https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/
6c1de144-056f-11ee-8e16-6c3be5272acd    Grafana -- Broken access control: viewer can send test alerts

Grafana Labs reports:

Grafana can allow an attacker in the Viewer role to send alerts by API Alert - Test. This option, however, is not available in the user panel UI for the Viewer role.

The CVSS score for this vulnerability is 4.1 Medium (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N).


Discovery 2023-06-06
Entry 2023-06-07
grafana: ge 8.0.0 lt 8.5.26; ge 9.0.0 lt 9.2.19; ge 9.3.0 lt 9.3.15; ge 9.4.0 lt 9.4.12; ge 9.5.0 lt 9.5.3
grafana8: ge 8.0.0 lt 8.5.26
grafana9: < 9.2.19; ge 9.3.0 lt 9.3.15; ge 9.4.0 lt 9.4.12; ge 9.5.0 lt 9.5.3


CVE-2023-2183
https://grafana.com/security/security-advisories/cve-2023-2183/
ecffb881-a7a7-11ed-8d6a-6c3be5272acd    Grafana -- Stored XSS in ResourcePicker component

Grafana Labs reports:

On 2022-12-16 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin GeoMap.

The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance.


Discovery 2022-12-16
Entry 2023-02-09
grafana: ge 8.1.0 lt 8.5.16; ge 9.0.0 lt 9.2.10; ge 9.3.0 lt 9.3.4
grafana8: ge 8.1.0 lt 8.5.16
grafana9: ge 9.0.0 lt 9.2.10; ge 9.3.0 lt 9.3.4


CVE-2022-23552
https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv
5e257b0d-e466-11ed-834b-6c3be5272acd    Grafana -- Exposure of sensitive information to an unauthorized actor

Grafana Labs reports:

When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header (default X-JWT-Assertion).

In Grafana, there is an additional way to authenticate using JWT called URL login where the token is passed as a query parameter.

When using this option, a JWT token is passed to the data source as a header, which leads to exposure of sensitive information to an unauthorized party.

The CVSS score for this vulnerability is 4.2 Medium.


Discovery 2023-04-26
Entry 2023-04-26
grafana, grafana9: ge 9.1.0 lt 9.2.17; ge 9.3.0 lt 9.3.13; ge 9.4.0 lt 9.4.9

CVE-2023-1387
https://grafana.com/security/security-advisories/cve-2023-1387/
6a851dc0-cfd2-11ee-ac09-6c3be5272acd    Grafana -- Email verification is not required after email change

Grafana Labs reports:

The vulnerability impacts instances where Grafana basic authentication is enabled.

Grafana has a verify_email_enabled configuration option. When this option is enabled, users are required to confirm their email addresses before the sign-up process is complete. However, the email is only checked at the time of the sign-up. No further verification is carried out if a user’s email address is updated after the initial sign-up. Moreover, Grafana allows using an email address as the user’s login name, and no verification is ever carried out for this email address.

This means that even if the verify_email_enabled configuration option is enabled, users can use unverified email addresses to log into Grafana if the email address has been changed after the sign up, or if an email address is set as the login name.

The CVSS score for this vulnerability is 5.4 Medium (CVSS).


Discovery 2023-11-10
Entry 2024-02-20
grafana: < 9.5.16; ge 10.0.0 lt 10.0.11; ge 10.1.0 lt 10.1.7; ge 10.2.0 lt 10.2.4; ge 10.3.0 lt 10.3.3
grafana9: < 9.5.16
grafana10: < 10.0.11; ge 10.1.0 lt 10.1.7; ge 10.2.0 lt 10.2.4; ge 10.3.0 lt 10.3.3


CVE-2023-6152
https://grafana.com/security/security-advisories/cve-2023-6152/
6d31ef38-df85-11ee-abf1-6c3be5272acd    Grafana -- Data source permission escalation

Grafana Labs reports:

The vulnerability impacts Grafana Cloud and Grafana Enterprise instances, and it is exploitable if a user who should not be able to access all data sources is granted permissions to create a data source.

By default, only organization Administrators are allowed to create a data source and have full access to all data sources. All other users need to be explicitly granted permission to create a data source, which then means they could exploit this vulnerability.

When a user creates a data source via the API, they can specify data source UID. If the UID is set to an asterisk (*), the user gains permissions to query, update, and delete all data sources in the organization. The exploit, however, does not stretch across organizations — to exploit the vulnerability in several organizations, a user would need permissions to create data sources in each organization.

The vulnerability comes from a lack of UID validation. When evaluating permissions, we interpret an asterisk (*) as a wild card for all resources. Therefore, we should treat it as a reserved value, and not allow the creation of a resource with the UID set to an asterisk.

The CVSS score for this vulnerability is 6 Medium.


Discovery 2024-02-12
Entry 2024-03-11
Modified 2024-03-26
grafana: ge 8.5.0 lt 9.5.17; ge 10.0.0 lt 10.0.12; ge 10.1.0 lt 10.1.8; ge 10.2.0 lt 10.2.5; ge 10.3.0 lt 10.3.4
grafana9: < 9.5.17


CVE-2024-1442
https://grafana.com/security/security-advisories/cve-2024-1442/
e2a8e2bd-b808-11ed-b695-6c3be5272acd    Grafana -- Stored XSS in geomap panel plugin via attribution

Grafana Labs reports:

During an internal audit of Grafana on January 25, a member of the security team found a stored XSS vulnerability affecting the core geomap plugin.

The stored XSS vulnerability was possible because map attributions weren’t properly sanitized, allowing arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance.

The CVSS score for this vulnerability is 7.3 High (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).


Discovery 2023-01-25
Entry 2023-03-01
grafana: < 8.5.21; ge 9.0.0 lt 9.2.13; ge 9.3.0 lt 9.3.8
grafana8: < 8.5.21
grafana9: ge 9.0.0 lt 9.2.13; ge 9.3.0 lt 9.3.8


CVE-2023-0507
https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/