FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- XSS

Affected packages
6.0.0 <= grafana6
grafana7 < 7.5.15
grafana8 < 8.3.5

Details

VuXML ID cecbc674-8b83-11ec-b369-6c3be5272acd
Discovery 2022-01-16
Entry 2022-02-12

Grafana Labs reports:

On Jan. 16, an external security researcher, Jasu Viding, contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

References

CVE Name CVE-2022-21702
URL https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/