Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-0507

Опубликовано: 01 мар. 2023
Источник: redhat
CVSS3: 7.3
EPSS Средний

Описание

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.

A flaw was found in the GeoMap Grafana plugin, where a user can store unsanitized HTML in the GeoMap plugin under the Attribution text field, and the client will process it. The vulnerability makes it possible to use XHR to make arbitrary API calls on behalf of the attacked user. This means that a malicious user with editor permissions could alter a GeoMap panel to include JavaScript that changes the password for the user viewing the panel (this could be an admin) to a known password, thus gaining access to the admin account and resulting as the editor becoming an admin.

Отчет

For Grafana package shipped in Red Hat Enterprise Linux, it is not possible to take advantage of this vulnerability without specialized 'editor' access, which reduces the impact of this issue in RHEL. Thus, it is set to Moderate.

Меры по смягчению последствий

Applying the Content-Security-Policy shipped with Grafana would block inline scripts from executing and would mitigate this.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2.1servicemesh-grafanaNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/acm-grafana-rhel8Affected
Red Hat Ceph Storage 3grafanaNot affected
Red Hat Ceph Storage 4rhceph/rhceph-4-dashboard-rhel8Not affected
Red Hat Enterprise Linux 8grafanaNot affected
Red Hat Enterprise Linux 9grafanaAffected
Red Hat OpenShift Container Platform 4openshift4/ose-grafanaNot affected
Red Hat Storage 3grafanaNot affected
Red Hat Ceph Storage 5.3rhceph/rhceph-5-dashboard-rhel8FixedRHSA-2024:074608.02.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-80
https://bugzilla.redhat.com/show_bug.cgi?id=2168038grafana: cross site scripting

EPSS

Процентиль: 98%
0.66153
Средний

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-0507

CVSS3: 7.3
ubuntu
больше 2 лет назад

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.

nvd логотип

CVE-2023-0507

CVSS3: 7.3
nvd
больше 2 лет назад

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.

debian логотип

CVE-2023-0507

CVSS3: 7.3
debian
больше 2 лет назад

Grafana is an open-source platform for monitoring and observability. ...

github логотип

GHSA-hjv9-hm2f-rpcj

CVSS3: 5.4
github
больше 2 лет назад

Grafana vulnerable to Cross-site Scripting

fstec логотип

BDU:2023-01605

CVSS3: 7.3
fstec
больше 2 лет назад

Уязвимость плагина GeoMap веб-инструмента представления данных Grafana, связанная с недостаточной защитой структуры веб-страницы, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 98%
0.66153
Средний

7.3 High

CVSS3