Количество 10
Количество 10
GHSA-4724-7jwc-3fpw
Grafana Spoofing originalUrl of snapshots
CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
CVE-2022-39324
Grafana is an open-source platform for monitoring and observability. P ...
BDU:2024-02614
Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с неправильной нейтрализацией ввода во время создания веб-страницы, позволяющая нарушителю внедрять введенный URL-адреса
SUSE-SU-2023:0821-1
Security update for grafana
SUSE-SU-2023:0812-1
Security update for SUSE Manager Client Tools
ELSA-2023-6420
ELSA-2023-6420: grafana security and enhancement update (MODERATE)
ROS-20240404-01
Множественные уязвимости grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-4724-7jwc-3fpw Grafana Spoofing originalUrl of snapshots | CVSS3: 6.7 | 0% Низкий | больше 1 года назад |
 | CVE-2022-39324 Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
 | CVE-2022-39324 Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
 | CVE-2022-39324 Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
| CVE-2022-39324 Grafana is an open-source platform for monitoring and observability. P ... | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
 | BDU:2024-02614 Уязвимость платформы для мониторинга и наблюдения Grafana, связанная с неправильной нейтрализацией ввода во время создания веб-страницы, позволяющая нарушителю внедрять введенный URL-адреса | CVSS3: 3.5 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2023:0821-1 Security update for grafana | больше 2 лет назад | ||
| SUSE-SU-2023:0812-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
| ELSA-2023-6420 ELSA-2023-6420: grafana security and enhancement update (MODERATE) | почти 2 года назад | ||
 | ROS-20240404-01 Множественные уязвимости grafana | CVSS3: 9.4 | больше 1 года назад |
Уязвимостей на страницу