CVE-2022-39324

🗓️ 27 Jan 2023 23:08:15Reported by GitHub_MType

Grafana versions 8.5.16 and 9.2.8 allow malicious users to manipulate URLs and redirect users to attacker's site

Reporter	Title	Published	Views	Family All 36
Prion	Open redirect	27 Jan 202323:15	–	prion
OSV	GO-2024-2867 Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana	5 Jun 202415:10	–	osv
OSV	CGA-C7H2-F55V-9XJR	6 Jun 202412:25	–	osv
OSV	Grafana Spoofing originalUrl of snapshots	14 May 202422:29	–	osv
OSV	CVE-2022-39324	27 Jan 202323:15	–	osv
OSV	BIT-grafana-2022-39324	6 Mar 202410:54	–	osv
OSV	OPENSUSE-SU-2024:12659-1 grafana-8.5.20-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	Moderate: grafana security and enhancement update	7 Nov 202300:00	–	osv
OSV	RHSA-2023:6420 Red Hat Security Advisory: grafana security and enhancement update	30 Sep 202414:58	–	osv
Vulnrichment	CVE-2022-39324 Grafana vulnerable to spoofing originalUrl of snapshots	27 Jan 202322:42	–	vulnrichment

Nvd

Vulners

Node

grafana grafanaRange<8.5.16

grafana grafanaRange9.0.0–9.2.8

[
  {
    "vendor": "grafana",
    "product": "grafana",
    "versions": [
      {
        "version": "< 8.5.16",
        "status": "affected"
      },
      {
        "version": ">= 9.0.0, < 9.2.8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
github	www.github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a
github	www.github.com/grafana/grafana/pull/60256
github	www.github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c
github	www.github.com/grafana/grafana/pull/60232
security	www.security.netapp.com/advisory/ntap-20230309-0010/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Jan 2023 23:15Current

4.9Medium risk

Vulners AI Score4.9

CVSS33.5 - 6.7

EPSS0.00144

SSVC

CWE-79