Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-31097

Опубликовано: 15 июл. 2022
Источник: nvd
CVSS3: 7.3
CVSS3: 8.7
EPSS Средний

Описание

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.3.10 (исключая)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Версия от 8.4.0 (включая) до 8.4.10 (исключая)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Версия от 8.5.0 (включая) до 8.5.9 (исключая)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.3 (исключая)
Конфигурация 2
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.49086
Средний

7.3 High

CVSS3

8.7 High

CVSS3

Дефекты

CWE-79
CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2022-31097

CVSS3: 7.3
ubuntu
почти 3 года назад

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.

redhat логотип

CVE-2022-31097

CVSS3: 7.3
redhat
почти 3 года назад

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.

debian логотип

CVE-2022-31097

CVSS3: 7.3
debian
почти 3 года назад

Grafana is an open-source platform for monitoring and observability. V ...

github логотип

GHSA-vw7q-p2qg-4m5f

CVSS3: 7.3
github
около 1 года назад

Grafana Stored Cross-site Scripting in Unified Alerting

fstec логотип

BDU:2022-07077

CVSS3: 8.7
fstec
почти 3 года назад

Уязвимость компонентов column.title и cellLinkTooltip веб-инструмента представления данных Grafana, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 98%
0.49086
Средний

7.3 High

CVSS3

8.7 High

CVSS3

Дефекты

CWE-79
CWE-79