Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-18625

Опубликовано: 02 июн. 2020
Источник: redhat
CVSS3: 6.1

Описание

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

A flaw was found in grafana. An incomplete fix for CVE-2018-12099 allows for a XSS via a column style on the "Dashboard > All Panels > General" screen.

Отчет

While OpenShift 3.11 grafana-container packages a vulnerable version of grafana, the dashboard is set to read-only meaning that the vulnerable component cannot be added or modified to contain the potential XSS. As OpenShift still packages the vulnerable code, the component is affected but with impact Low. In OpenShift ServiceMesh 1.0 the grafana component is a vulnerable version, however as it is behind OpenShift OAuth restricting access to authenticated users only the impact is Low. Red Hat Enterprise Linux 8 is not affected by this flaw, as it ships a newer version of grafana which does not include the vulnerable code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 1servicemesh-grafanaNot affected
Red Hat Ceph Storage 2grafanaOut of support scope
Red Hat Ceph Storage 3grafanaAffected
Red Hat Ceph Storage 3grafana-containerAffected
Red Hat Ceph Storage 4rhceph/rhceph-4-dashboard-rhel8Affected
Red Hat Enterprise Linux 8grafanaNot affected
Red Hat OpenShift Container Platform 3.11openshift3/grafanaFix deferred
Red Hat OpenShift Container Platform 4openshift4/ose-grafanaNot affected
Red Hat Storage 3grafanaAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1850575grafana: XSS vulnerability via a link on the "Dashboard > All Panels > General" screen

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-18625

CVSS3: 6.1
ubuntu
около 5 лет назад

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

nvd логотип

CVE-2018-18625

CVSS3: 6.1
nvd
около 5 лет назад

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

debian логотип

CVE-2018-18625

CVSS3: 6.1
debian
около 5 лет назад

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > Gene ...

github логотип

GHSA-6wh2-8hw7-jw94

CVSS3: 6.1
github
больше 1 года назад

Grafana XSS via adding a link in General feature

6.1 Medium

CVSS3