Количество 14
Количество 14
GHSA-vw7q-p2qg-4m5f
Grafana Stored Cross-site Scripting in Unified Alerting
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.
CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. V ...
BDU:2022-07077
Уязвимость компонентов column.title и cellLinkTooltip веб-инструмента представления данных Grafana, позволяющая нарушителю повысить свои привилегии
SUSE-SU-2022:3751-1
Security update for SUSE Manager Client Tools
SUSE-SU-2022:3747-1
Security update for SUSE Manager Client Tools
SUSE-SU-2022:3765-1
Security update for grafana
SUSE-SU-2022:4437-1
Security update for SUSE Manager Client Tools
SUSE-SU-2022:4428-1
Security update for grafana
SUSE-SU-2023:2575-1
Security update for SUSE Manager Client Tools
SUSE-SU-2023:2578-1
Security update for SUSE Manager Client Tools
ROS-20240403-01
Множественные уязвимости grafana
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-vw7q-p2qg-4m5f Grafana Stored Cross-site Scripting in Unified Alerting | CVSS3: 7.3 | 49% Средний | около 1 года назад |
 | CVE-2022-31097 Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. | CVSS3: 7.3 | 49% Средний | почти 3 года назад |
 | CVE-2022-31097 Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. | CVSS3: 7.3 | 49% Средний | почти 3 года назад |
 | CVE-2022-31097 Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. | CVSS3: 7.3 | 49% Средний | почти 3 года назад |
| CVE-2022-31097 Grafana is an open-source platform for monitoring and observability. V ... | CVSS3: 7.3 | 49% Средний | почти 3 года назад |
 | BDU:2022-07077 Уязвимость компонентов column.title и cellLinkTooltip веб-инструмента представления данных Grafana, позволяющая нарушителю повысить свои привилегии | CVSS3: 8.7 | 49% Средний | почти 3 года назад |
 | SUSE-SU-2022:3751-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
| SUSE-SU-2022:3747-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
| SUSE-SU-2022:3765-1 Security update for grafana | больше 2 лет назад | ||
| SUSE-SU-2022:4437-1 Security update for SUSE Manager Client Tools | больше 2 лет назад | ||
| SUSE-SU-2022:4428-1 Security update for grafana | больше 2 лет назад | ||
| SUSE-SU-2023:2575-1 Security update for SUSE Manager Client Tools | почти 2 года назад | ||
| SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools | почти 2 года назад | ||
 | ROS-20240403-01 Множественные уязвимости grafana | CVSS3: 9.8 | около 1 года назад |
Уязвимостей на страницу