FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Spoofing originalUrl of snapshots

Affected packages
8.0.0 <= grafana < 8.5.16
9.0.0 <= grafana < 9.2.10
9.3.0 <= grafana < 9.3.4
8.0.0 <= grafana8 < 8.5.16
9.0.0 <= grafana9 < 9.2.10
9.3.0 <= grafana9 < 9.3.4

Details

VuXML ID e6281d88-a7a7-11ed-8d6a-6c3be5272acd
Discovery 2023-01-25
Entry 2023-02-09

Grafana Labs reports:

A third-party penetration test of Grafana found a vulnerability in the snapshot functionality. The value of the originalUrl parameter is automatically generated. The purpose of the presented originalUrl parameter is to provide a user who views the snapshot with the possibility to click on the Local Snapshot button in the Grafana web UI and be presented with the dashboard that the snapshot captured. The value of the originalUrl parameter can be arbitrarily chosen by a malicious user that creates the snapshot. (Note: This can be done by editing the query thanks to a web proxy like Burp.)

We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).

[source]

References

CVE Name CVE-2022-39324
URL https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.