Description
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
A flaw was found in grafana: tag value XSS via the OpenTSDB datasource is possible. The highest threat from this vulnerability is to data confidentiality and integrity.
Report
Red Hat Ceph Storage (RHCS) delivers the affected code of the grafana OpenTSDB plugin. However, Red Hat Ceph Storage uses the Prometheus time-series database as a default data source, not OpenTSDB, hence the impact of this vulnerability is set to low. Red Hat Gluster Storage (RHGS) delivers the affected code of the grafana OpenTSDB plugin. However, Red Hat Gluster Storage uses Graphite as a data source, not OpenTSDB, hence the impact of this vulnerability is set to low.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Ceph Storage 2 | grafana | Out of support scope | ||
Red Hat Ceph Storage 3 | grafana | Affected | ||
Red Hat Ceph Storage 3 | grafana-container | Affected | ||
Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Affected | ||
Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Will not fix | ||
Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Will not fix | ||
Red Hat Storage 3 | grafana | Affected | ||
OpenShift Service Mesh 1.0 | servicemesh-grafana | Fixed | RHSA-2020:2861 | 07.07.2020 |
OpenShift Service Mesh 1.1 | servicemesh-grafana | Fixed | RHSA-2020:2796 | 01.07.2020 |
Red Hat Enterprise Linux 8 | grafana | Fixed | RHSA-2020:4682 | 04.11.2020 |
Additional information
CVSS3: 6.1 Medium
Related vulnerabilities
ELSA-2020-4682: grafana security, bug fix, and enhancement update (MODERATE)