CVE-2018-18624

Опубликовано: 02 июн. 2020

Источник: redhat

CVSS3: 6.1

Описание

Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS via a column style on the "Dashboard > Table Panel" screen.

Отчет

Both OpenShift 3.11 and 4.x grafana-container's package a vulnerable version of grafana. However the grafana instance is set to read-only meaning that the potential XSS attack cannot be performed as the table panel cannot be modified or added. As OpenShift still packages the vulnerable code, the components are affected but with impact Low. In OpenShift ServiceMesh the grafana component is a vulnerable version, however as it is behind OpenShift OAuth restricting access to authenticated users only the impact is Low.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenShift Service Mesh 1	servicemesh-grafana	Fix deferred
Red Hat Ceph Storage 2	grafana	Out of support scope
Red Hat Ceph Storage 3	grafana	Affected
Red Hat Ceph Storage 3	grafana-container	Affected
Red Hat Ceph Storage 4	rhceph/rhceph-4-dashboard-rhel8	Affected
Red Hat OpenShift Container Platform 3.11	openshift3/grafana	Fix deferred
Red Hat Storage 3	grafana	Affected
Red Hat Enterprise Linux 8	grafana	Fixed	RHSA-2020:4682	04.11.2020
Red Hat OpenShift Container Platform 4.6	openshift4/ose-grafana	Fixed	RHSA-2020:4298	27.10.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1850572grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2018-18624

CVSS3: 6.1

ubuntu

около 5 лет назад

Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

CVE-2018-18624

CVSS3: 6.1

nvd

около 5 лет назад

Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.