Описание
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation:
- Multiple organizations must exist in the Grafana instance
- Victim must be on a different organization than the one specified in the URL
A flaw was found in Grafana, where the organization switching functionality caused an open redirect vulnerability. To make this exploitable, the Grafana instance must have more than one organization, and the user being redirected must be a member of both. Furthermore, the attacker needs to know the ID of the organization that the user is currently viewing.
Меры по смягчению последствий
Currently, no mitigation is available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | grafana | Fix deferred | ||
| Red Hat Enterprise Linux 8 | grafana | Fix deferred | ||
| Red Hat Enterprise Linux 9 | grafana | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL
An open redirect vulnerability has been identified in Grafana OSS orga ...
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL
EPSS
4.3 Medium
CVSS3