Description
An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation:
- Multiple organizations must exist in the Grafana instance
- Victim must be on a different organization than the one specified in the URL
A flaw was found in Grafana, where the organization switching functionality caused an open redirect vulnerability. To make this exploitable, the Grafana instance must have more than one organization, and the user being redirected must be a member of both. Furthermore, the attacker needs to know the ID of the organization that the user is currently viewing.
Statement
This vulnerability is considered Low severity because its exploitation relies on very restrictive preconditions that significantly limit its real-world impact. The Grafana instance must have multiple organizations, the targeted user must be a member of both organizations, and the attacker must already know the exact organization ID that the user is currently viewing—information that is typically inaccessible without prior compromise or insider knowledge. Additionally, the flaw does not directly expose sensitive data or allow privilege escalation; it only enables an open redirect under tightly constrained circumstances.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
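Because the page lists no vendor mitigation, the following is an added illustration of the defensive check that closes this class of bug: the post-switch redirect target is accepted only when it is a relative in-app path, and anything that a browser could resolve to another host falls back to the application root. This is hypothetical example code, not Grafana's own implementation; the helper name `SafeRedirectPath` and the sample targets are assumptions constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// SafeRedirectPath returns the in-app path a user may be sent to after an
// organization switch, or "/" when the requested target cannot be trusted.
// Hypothetical helper written for this example; not Grafana's own code.
func SafeRedirectPath(target string) string {
	const fallback = "/"
	// Only a path beginning with exactly one forward slash is a candidate.
	// "//host" is scheme-relative and "/\host" is treated the same way by
	// browsers, so both are rejected up front.
	if !strings.HasPrefix(target, "/") ||
		strings.HasPrefix(target, "//") ||
		strings.HasPrefix(target, "/\\") {
		return fallback
	}
	u, err := url.Parse(target)
	if err != nil {
		return fallback
	}
	// A relative path carries no scheme, authority or user info.
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return fallback
	}
	// Percent-decoding happens during parsing, so re-check the decoded path
	// for an encoded "//" or backslash that would re-introduce a host part.
	if strings.HasPrefix(u.Path, "//") || strings.Contains(u.Path, "\\") {
		return fallback
	}
	// Re-serialise so that only path and query survive.
	clean := url.URL{Path: u.Path, RawQuery: u.RawQuery}
	return clean.String()
}

func main() {
	// Constructed sample targets: one legitimate, the rest malicious.
	for _, t := range []string{
		"/d/abc?orgId=2", "https://evil.example/", "//evil.example/",
		"/\\evil.example", "/%2F%2Fevil.example", "",
	} {
		fmt.Printf("%-24q -> %q\n", t, SafeRedirectPath(t))
	}
}
```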
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | grafana | Fix deferred | | |
| Red Hat Enterprise Linux 8 | grafana | Fix deferred | | |
| Red Hat Enterprise Linux 9 | grafana | Fix deferred | | |
Additional information
CVSS3: 4.3 Medium
Related vulnerabilities
Vulnerability in the OSS Organization Switching component of the Grafana monitoring and observability platform, allowing an attacker to redirect a user to an arbitrary site