Description
Grafana, confirmed for versions 5.2.4 and 5.3.0, contains a cross-site scripting (XSS) vulnerability in the InfluxDB and Graphite query editor that can result in arbitrary JavaScript code running in the victim's browser. The attack appears to be exploitable when an authenticated user clicks on the input field where the payload was previously inserted.
Report
The version of Grafana provided in Red Hat OpenStack Optools does not contain the vulnerable functionality and is not affected by this vulnerability. Additionally, Grafana is unsupported in Red Hat OpenStack. Grafana shipped with Ceph and Gluster includes the affected code and is vulnerable to a cross-site scripting attack via the query editor.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ceph Storage 2 | grafana | Affected | | |
Red Hat Ceph Storage 3 | grafana | Affected | | |
Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Affected | | |
Red Hat OpenStack Platform 8 (Liberty) Operational Tools | grafana | Not affected | | |
Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | grafana | Not affected | | |
Red Hat Storage 3 | grafana | Affected | | |
Additional information
Status:
EPSS
5.4 Medium
CVSS3