All the vulnerabilities related to Grafana - Grafana Enterprise
cve-2023-4822
Vulnerability from cvelistv5
Published
2023-10-16 08:45
Modified
2024-09-16 18:14
Summary
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.
It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.
This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.
The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:38:00.740Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-4822" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231103-0008/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:grafana:grafana_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "grafana_enterprise", "vendor": "grafana", "versions": [ { "lessThan": "9.4.16", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThan": "9.5.11", "status": "affected", "version": "9.5.0", "versionType": "semver" }, { "lessThan": "10.0.7", "status": "affected", "version": "10.0.0", "versionType": "semver" }, { "lessThan": "10.1.3", "status": "affected", "version": "10.1.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-4822", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T18:09:06.701494Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T18:14:33.231Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "9.4.16", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThan": "9.5.11", "status": "affected", "version": "9.5.0", "versionType": "semver" }, { "lessThan": "10.0.7", "status": "affected", "version": "10.0.0", "versionType": "semver" 
}, { "lessThan": "10.1.3", "status": "affected", "version": "10.1.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.\u003c/p\u003e\u003cp\u003eIt also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.\u003c/p\u003e\u003cp\u003eThis means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.\u003c/p\u003e\u003cp\u003eThe vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.\u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability. 
The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.\n\nIt also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.\n\nThis means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.\n\nThe vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T09:45:17.371Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-4822" }, { "url": "https://security.netapp.com/advisory/ntap-20231103-0008/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": 
"CVE-2023-4822", "datePublished": "2023-10-16T08:45:59.756Z", "dateReserved": "2023-09-07T15:53:30.740Z", "dateUpdated": "2024-09-16T18:14:33.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6322
Vulnerability from cvelistv5
Published
2024-08-20 17:52
Modified
2024-09-03 17:04
Summary
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6322", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T13:25:17.993382Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T17:04:40.540Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "11.1.1", "status": "affected", "version": "11.1.0", "versionType": "semver" }, { "lessThan": "11.1.3", "status": "affected", "version": "11.1.2", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "11.1.1", "status": "affected", "version": "11.1.0", "versionType": "semver" }, { "lessThan": "11.1.3", "status": "affected", "version": "11.1.2", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAccess control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.\u003c/p\u003e" } ], "value": "Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-20T17:52:06.232Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2024-6322/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2024-6322", "datePublished": "2024-08-20T17:52:06.232Z", "dateReserved": "2024-06-25T13:25:06.436Z", "dateUpdated": "2024-09-03T17:04:40.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4399
Vulnerability from cvelistv5
Published
2023-10-17 07:09
Modified
2024-08-02 07:24
Summary
Grafana is an open-source platform for monitoring and observability.
In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.
However, the restriction can be bypassed using punycode encoding of the characters in the request address.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:24:04.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-4399/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "10.1.5", "status": "affected", "version": "10.1.0", "versionType": "semver" }, { "lessThan": "10.0.9", "status": "affected", "version": "10.0.0", "versionType": "semver" }, { "lessThan": "9.5.13", "status": "affected", "version": "9.5.0", "versionType": "semver" }, { "lessThan": "9.4.17", "status": "affected", "version": "9.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. \u003c/p\u003e\u003cp\u003eIn Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn\u2019t call specific hosts.\u003c/p\u003e\u003cp\u003eHowever, the restriction can be bypassed used punycode encoding of the characters in the request address.\u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability. 
\n\nIn Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn\u2019t call specific hosts.\n\nHowever, the restriction can be bypassed used punycode encoding of the characters in the request address.\n\n" } ], "impacts": [ { "capecId": "CAPEC-267", "descriptions": [ { "lang": "en", "value": "CAPEC-267" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-183", "description": "CWE-183", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T07:09:03.015Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-4399/" }, { "url": "https://security.netapp.com/advisory/ntap-20231208-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-4399", "datePublished": "2023-10-17T07:09:03.015Z", "dateReserved": "2023-08-17T10:06:35.187Z", "dateUpdated": "2024-08-02T07:24:04.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6152
Vulnerability from cvelistv5
Published
2024-02-13 21:38
Modified
2024-08-22 15:51
Summary
A user changing their email after signing up and verifying it can change it without verification in profile settings.
The configuration option "verify_email_enabled" validates the email only on sign up, not on later changes.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-6152/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "grafana", "vendor": "grafana", "versions": [ { "lessThan": "9.5.16", "status": "affected", "version": "2.5.0", "versionType": "custom" }, { "lessThan": "10.0.11", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "lessThan": "10.1.7", "status": "affected", "version": "10.10", "versionType": "custom" }, { "lessThan": "10.2.4", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "lessThan": "10.3.3", "status": "affected", "version": "10.3.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:grafana:grafana_enterprise:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "grafana_enterprise", "vendor": "grafana", "versions": [ { "lessThan": "9.5.16", "status": "affected", "version": "2.5.0", "versionType": "custom" }, { "lessThan": "10.0.11", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "lessThan": "10.1.7", "status": "affected", "version": "10.10", "versionType": "custom" }, { "lessThan": "10.2.4", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "lessThan": "10.3.3", "status": "affected", "version": "10.3.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-6152", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-22T15:42:45.786092Z", "version": "2.0.3" }, "type": "ssvc" } } ], 
"providerMetadata": { "dateUpdated": "2024-08-22T15:51:56.870Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "9.5.16", "status": "affected", "version": "2.5.0", "versionType": "semver" }, { "lessThan": "10.0.11", "status": "affected", "version": "10.0.0", "versionType": "semver" }, { "lessThan": "10.1.7", "status": "affected", "version": "10.1.0", "versionType": "semver" }, { "lessThan": "10.2.4", "status": "affected", "version": "10.2.0", "versionType": "semver" }, { "lessThan": "10.3.3", "status": "affected", "version": "10.3.0", "versionType": "semver" } ] }, { "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "9.5.16", "status": "affected", "version": "2.5.0", "versionType": "semver" }, { "lessThan": "10.0.11", "status": "affected", "version": "10.0.0", "versionType": "semver" }, { "lessThan": "10.1.7", "status": "affected", "version": "10.1.0", "versionType": "semver" }, { "lessThan": "10.2.4", "status": "affected", "version": "10.2.0", "versionType": "semver" }, { "lessThan": "10.3.3", "status": "affected", "version": "10.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA user changing their email after signing up and verifying it can change it without verification in profile settings.\u003c/p\u003e\u003cp\u003eThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\u003c/p\u003e" } ], "value": "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n" } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115" } ] } ], 
"metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-13T21:38:01.404Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-6152/" }, { "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-3hv4-r2fm-h27f" } ] } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-6152", "datePublished": "2024-02-13T21:38:01.404Z", "dateReserved": "2023-11-15T12:44:28.824Z", "dateUpdated": "2024-08-22T15:51:56.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2801
Vulnerability from cvelistv5
Published
2023-06-06 18:03
Modified
2024-08-02 06:33
Summary
Grafana is an open-source platform for monitoring and observability.
Using public dashboards, users can query multiple distinct data sources using mixed queries. However, such a query can crash a Grafana instance.
The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly.
This might enable malicious users to crash Grafana instances through that endpoint.
Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-2801/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230706-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "9.4.12", "status": "affected", "version": "9.4.0", "versionType": "semver" }, { "lessThan": "9.5.3", "status": "affected", "version": "9.5.0", "versionType": "semver" } ] }, { "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "9.4.12", "status": "affected", "version": "9.4.0", "versionType": "semver" }, { "lessThan": "9.5.3", "status": "affected", "version": "9.5.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. \u003c/p\u003e\u003cp\u003eUsing public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance.\u003c/p\u003e\u003cp\u003eThe only feature that uses mixed queries at the moment is public dashboards, but it\u0027s also possible to cause this by calling the query API directly.\u003c/p\u003e\u003cp\u003eThis might enable malicious users to crash Grafana instances through that endpoint.\u003c/p\u003e\u003cp\u003eUsers may upgrade to version 9.4.12 and 9.5.3 to receive a fix.\u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability. \n\nUsing public dashboards users can query multiple distinct data sources using mixed queries. 
However such query has a possibility of crashing a Grafana instance.\n\nThe only feature that uses mixed queries at the moment is public dashboards, but it\u0027s also possible to cause this by calling the query API directly.\n\nThis might enable malicious users to crash Grafana instances through that endpoint.\n\nUsers may upgrade to version 9.4.12 and 9.5.3 to receive a fix.\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-820", "description": "CWE-820", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-06T18:03:32.459Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-2801/" }, { "url": "https://security.netapp.com/advisory/ntap-20230706-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-2801", "datePublished": "2023-06-06T18:03:32.459Z", "dateReserved": "2023-05-18T16:22:13.573Z", "dateUpdated": "2024-08-02T06:33:05.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0594
Vulnerability from cvelistv5
Published
2023-03-01 15:36
Modified
2024-08-02 05:17
Summary
Grafana is an open-source platform for monitoring and observability.
Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization.
The stored XSS vulnerability was possible because the values of a span's attributes/resources were not properly sanitized, and they are rendered when the span's attributes/resources are expanded.
An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript.
This means that vertical privilege escalation is possible: a user with the Editor role can change the password of a user with the Admin role to a known value if the Admin user executes the malicious JavaScript while viewing a dashboard.
Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230331-0007/" }, { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-0594/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.21", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThan": "9.2.13", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.8", "status": "affected", "version": "9.3.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.21", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThan": "9.2.13", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.8", "status": "affected", "version": "9.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. \u003c/p\u003e\u003cp\u003eStarting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. \u003c/p\u003e\u003cp\u003eThe stored XSS vulnerability was possible due the value of a span\u0027s attributes/resources were not properly sanitized and this will be rendered when the span\u0027s attributes/resources are expanded.\u003c/p\u003e\u003cp\u003eAn attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. 
\u003c/p\u003e\u003cp\u003eThis means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. \u003c/p\u003e\u003cp\u003eUsers may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. \u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. \n\nThe stored XSS vulnerability was possible due the value of a span\u0027s attributes/resources were not properly sanitized and this will be rendered when the span\u0027s attributes/resources are expanded.\n\nAn attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. \n\nThis means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. \n\nUsers may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. 
\n\n" } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-04T10:15:49.096Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-0594/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-0594", "datePublished": "2023-03-01T15:36:43.881Z", "dateReserved": "2023-01-31T10:37:31.334Z", "dateUpdated": "2024-08-02T05:17:50.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2183
Vulnerability from cvelistv5
Published
2023-06-06 18:04
Modified
2024-08-02 06:12
Summary
Grafana is an open-source platform for monitoring and observability.
The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.
This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing a phishing attack, or blocking the SMTP server.
Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:12:20.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-2183/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230706-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.26", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThan": "9.2.19", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.15", "status": "affected", "version": "9.3.0", "versionType": "semver" }, { "lessThan": "9.4.12", "status": "affected", "version": "9.4.0", "versionType": "semver" }, { "lessThan": "9.5.3", "status": "affected", "version": "9.5.0", "versionType": "semver" } ] }, { "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.26", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThan": "9.2.19", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.15", "status": "affected", "version": "9.3.0", "versionType": "semver" }, { "lessThan": "9.4.12", "status": "affected", "version": "9.4.0", "versionType": "semver" }, { "lessThan": "9.5.3", "status": "affected", "version": "9.5.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. \u003c/p\u003e\u003cp\u003eThe option to send a test alert is not available from the user panel UI for users having the Viewer role. 
It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.\u003c/p\u003e\u003cp\u003eThis might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.\u003c/p\u003e\u003cp\u003eUsers may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.\u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function.\n\nThis might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.\n\nUsers may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.\n\n" } ], "impacts": [ { "capecId": "CAPEC-180", "descriptions": [ { "lang": "en", "value": "CAPEC-180" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-06T18:04:26.485Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": 
"https://grafana.com/security/security-advisories/cve-2023-2183/" }, { "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3" }, { "url": "https://security.netapp.com/advisory/ntap-20230706-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-2183", "datePublished": "2023-06-06T18:04:26.485Z", "dateReserved": "2023-04-19T12:11:08.488Z", "dateUpdated": "2024-08-02T06:12:20.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0507
Vulnerability from cvelistv5
Published
2023-03-01 15:35
Modified
2024-08-02 05:17
Summary
Grafana is an open-source platform for monitoring and observability.
Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap.
The stored XSS vulnerability was possible because map attributions were not properly sanitized, which allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance.
An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript.
This means that vertical privilege escalation is possible: a user with the Editor role can change the password of a user with the Admin role to a known value if the Admin user executes the malicious JavaScript while viewing a dashboard.
Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:49.040Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-0507/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230413-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.21", "status": "affected", "version": "8.1.0", "versionType": "semver" }, { "lessThan": "9.2.13", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.8", "status": "affected", "version": "9.3.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.21", "status": "affected", "version": "8.1.0", "versionType": "semver" }, { "lessThan": "9.2.13", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.8", "status": "affected", "version": "9.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. \u003c/p\u003e\u003cp\u003eStarting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. \u003c/p\u003e\u003cp\u003eThe stored XSS vulnerability was possible due to map attributions weren\u0027t properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. \u003c/p\u003e\u003cp\u003eAn attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. 
\u003c/p\u003e\u003cp\u003eThis means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. \u003c/p\u003e\u003cp\u003eUsers may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. \u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. \n\nThe stored XSS vulnerability was possible due to map attributions weren\u0027t properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. \n\nAn attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. \n\nThis means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. \n\nUsers may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. 
\n\n" } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-04T09:48:34.868Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-0507/" }, { "url": "https://security.netapp.com/advisory/ntap-20230413-0001/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-0507", "datePublished": "2023-03-01T15:35:55.259Z", "dateReserved": "2023-01-25T15:05:48.661Z", "dateUpdated": "2024-08-02T05:17:49.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3128
Vulnerability from cvelistv5
Published
2023-06-22 20:14
Modified
2024-08-02 06:48
Summary
Grafana validates Azure AD accounts based on the email claim.
On Azure AD, the profile email field is not unique and can be easily modified.
This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:07.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-3128/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230714-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "9.5.4", "status": "affected", "version": "9.5.0", "versionType": "semver" }, { "lessThan": "9.4.13", "status": "affected", "version": "9.4.0", "versionType": "semver" }, { "lessThan": "9.3.16", "status": "affected", "version": "9.3.0", "versionType": "semver" }, { "lessThan": "9.2.20", "status": "affected", "version": "9.2.0", "versionType": "semver" }, { "lessThan": "8.5.27", "status": "affected", "version": "6.7.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "9.5.4", "status": "affected", "version": "9.5.0", "versionType": "semver" }, { "lessThan": "9.4.13", "status": "affected", "version": "9.4.0", "versionType": "semver" }, { "lessThan": "9.3.16", "status": "affected", "version": "9.3.0", "versionType": "semver" }, { "lessThan": "9.2.20", "status": "affected", "version": "9.2.0", "versionType": "semver" }, { "lessThan": "8.5.27", "status": "affected", "version": "6.7.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is validating Azure AD accounts based on the email claim. \u003c/p\u003e\u003cp\u003eOn Azure AD, the profile email field is not unique and can be easily modified. 
\u003c/p\u003e\u003cp\u003eThis leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. \u003c/p\u003e" } ], "value": "Grafana is validating Azure AD accounts based on the email claim. \n\nOn Azure AD, the profile email field is not unique and can be easily modified. \n\nThis leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. \n\n" } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-06T08:24:09.716Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-3128/" }, { "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-gxh2-6vvc-rrgp" }, { "url": "https://security.netapp.com/advisory/ntap-20230714-0004/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-3128", "datePublished": "2023-06-22T20:14:00.805Z", "dateReserved": "2023-06-06T15:02:55.259Z", "dateUpdated": "2024-08-02T06:48:07.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1387
Vulnerability from cvelistv5
Published
2023-04-26 13:47
Modified
2024-08-02 05:49
Summary
Grafana is an open-source platform for monitoring and observability.
Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token.
When the "url_login" configuration option (disabled by default) is enabled, the JWT may be forwarded to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:49:11.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-1387/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230609-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "9.2.17", "status": "affected", "version": "9.1.0", "versionType": "semver" }, { "lessThan": "9.3.13", "status": "affected", "version": "9.3.0", "versionType": "semver" }, { "lessThan": "9.5.0", "status": "affected", "version": "9.4.0", "versionType": "semver" } ] }, { "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "9.2.17", "status": "affected", "version": "9.1.0", "versionType": "semver" }, { "lessThan": "9.3.13", "status": "affected", "version": "9.3.0", "versionType": "semver" }, { "lessThan": "9.5.0", "status": "affected", "version": "9.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. \u003c/p\u003e\u003cp\u003eStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \u003c/p\u003e\u003cp\u003eBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.\u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability. 
\n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the \"url_login\" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.\n\n" } ], "impacts": [ { "capecId": "CAPEC-116", "descriptions": [ { "lang": "en", "value": "CAPEC-116" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-26T13:47:16.914Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-1387/" }, { "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-5585-m9r5-p86j" }, { "url": "https://security.netapp.com/advisory/ntap-20230609-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-1387", "datePublished": "2023-04-26T13:47:16.914Z", "dateReserved": "2023-03-14T11:11:01.304Z", "dateUpdated": "2024-08-02T05:49:11.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1410
Vulnerability from cvelistv5
Published
2023-03-23 07:48
Modified
2024-08-02 05:49
Summary
Stored XSS in Graphite FunctionDescription tooltip
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Grafana | Grafana | |
Grafana | Grafana Enterprise |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:49:11.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://grafana.com/security/security-advisories/cve-2023-1410/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230420-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Grafana", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.22", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThan": "9.2.15", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.11", "status": "affected", "version": "9.3.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Grafana Enterprise", "vendor": "Grafana", "versions": [ { "lessThan": "8.5.22", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThan": "9.2.15", "status": "affected", "version": "9.0.0", "versionType": "semver" }, { "lessThan": "9.3.11", "status": "affected", "version": "9.3.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability.\u0026nbsp;\u003c/p\u003e\u003cp\u003eGrafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. 
\u003c/p\u003e\u003cp\u003eThe stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized.\u003c/p\u003e\u003cp\u003eAn attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description.\u0026nbsp;\u003c/p\u003e\u003cp\u003e Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. \u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "Grafana is an open-source platform for monitoring and observability.\u00a0\n\nGrafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. \n\nThe stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized.\n\nAn attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description.\u00a0\n\n Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. 
\n\n\n\n\n\n\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-04T10:16:07.471Z", "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "shortName": "GRAFANA" }, "references": [ { "url": "https://grafana.com/security/security-advisories/cve-2023-1410/" }, { "url": "https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76" }, { "url": "https://security.netapp.com/advisory/ntap-20230420-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Stored XSS in Graphite FunctionDescription tooltip", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da", "assignerShortName": "GRAFANA", "cveId": "CVE-2023-1410", "datePublished": "2023-03-23T07:48:56.246Z", "dateReserved": "2023-03-15T11:11:52.860Z", "dateUpdated": "2024-08-02T05:49:11.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }