Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-2801

Опубликовано: 06 июн. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

DNE

esm-apps/xenial

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

noble

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%
0.00432
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-2801

CVSS3: 7.5
redhat
около 2 лет назад

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.

nvd логотип

CVE-2023-2801

CVSS3: 7.5
nvd
около 2 лет назад

Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance. The only feature that uses mixed queries at the moment is public dashboards, but it's also possible to cause this by calling the query API directly. This might enable malicious users to crash Grafana instances through that endpoint. Users may upgrade to version 9.4.12 and 9.5.3 to receive a fix.

debian логотип

CVE-2023-2801

CVSS3: 7.5
debian
около 2 лет назад

Grafana is an open-source platform for monitoring and observability. ...

github логотип

GHSA-x2w4-c67p-g44j

CVSS3: 7.5
github
около 2 лет назад

Grafana Missing Synchronization vulnerability

fstec логотип

BDU:2023-03204

CVSS3: 7.5
fstec
около 2 лет назад

Уязвимость веб-инструмента представления данных Grafana, связанная с ошибками синхронизации, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 62%
0.00432
Низкий

7.5 High

CVSS3