Описание
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS in the "Dashboard > Text Panel" screen.
Отчет
While OpenShift 3.11 grafana-container packages a vulnerable version of grafana, the dashboard is set to read-only meaning that the vulnerable component cannot be added or modified to contain the potential XSS. As the OpenShift version still packages vulnerable code, the impact is set Low.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected | ||
| Red Hat Ceph Storage 2 | grafana | Out of support scope | ||
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Not affected | ||
| Red Hat Enterprise Linux 8 | grafana | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected | ||
| Red Hat Storage 3 | grafana | Affected | ||
| Red Hat Ceph Storage 3.2 | grafana | Fixed | RHSA-2019:0019 | 03.01.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: t ...
EPSS
6.1 Medium
CVSS3