Описание
Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. Another user needs to edit the same Text panel, and click on "Markdown" or "HTML" for the code to be executed. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. This issue has been patched in versions 9.2.10 and 9.3.4.
A flaw was found in the Grafana core plugin, "Text." The vulnerability was possible due to React's render cycle that will pass through unsanitized HTML code. However, the HTML is cleaned and saved in Grafana's database in the next cycle. An attacker needs the Editor role in changing a Text panel to include JavaScript. Later, another user needs to edit the same Text panel and click "Markdown" or "HTML" to execute the code. This issue allows possible vertical privilege escalation, where a user with an Editor role can change to a known password for a user having an Admin role if the user with an Admin role executes malicious JavaScript viewing a dashboard.
Отчет
OpenShift Service Mesh containers include the grafana RPM from RHEL and consume CVE fixes for grafana from RHEL channels. The servicemesh-grafana RPM shipped in early versions of OpenShift Service Mesh 2.1 is no longer maintained.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | ||
| Red Hat Ceph Storage 3 | grafana | Out of support scope | ||
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Affected | ||
| Red Hat Enterprise Linux 8 | grafana | Will not fix | ||
| Red Hat Enterprise Linux 9 | grafana | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected | ||
| Red Hat Storage 3 | grafana | Affected | ||
| Red Hat Ceph Storage 5.3 | rhceph/rhceph-5-dashboard-rhel8 | Fixed | RHSA-2024:0746 | 08.02.2024 |
Показывать по
Дополнительная информация
Статус:
6.4 Medium
CVSS3
Связанные уязвимости
Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. Another user needs to edit the same Text panel, and click on "Markdown" or "HTML" for the code to be executed. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. This issue has been patched in versions 9.2.10 and 9.3.4.
Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the core plugin "Text". The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible due to React's render cycle that will pass though the unsanitized HTML code, but in the next cycle the HTML is cleaned up and saved in Grafana's database. An attacker needs to have the Editor role in order to change a Text panel to include JavaScript. Another user needs to edit the same Text panel, and click on "Markdown" or "HTML" for the code to be executed. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. This issue has been patched in versions 9.2.10 and 9.3.4.
Grafana is an open-source platform for monitoring and observability. O ...
Grafana vulnerable to Stored Cross-site Scripting in Text plugin
Уязвимость веб-инструмента представления данных Grafana, связанная с недостаточной очисткой пользовательских данныхt, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)
6.4 Medium
CVSS3