Grafana Cross Site Request Forgery (CSRF)

🗓️ 01 Feb 2024 00:16:02Reported by GitHub Advisory DatabaseType

Grafana releases 8.3.5 and 7.5.15 with medium severity CSRF vulnerability fix and timeline of the fi

Reporter	Title	Published	Views	Family All 109
ALT Linux	Security fix for the ALT Linux 10 package grafana version 8.5.0-alt1	5 May 202200:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana	26 Mar 202502:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Cross-Site Request Forgery in Grafana (CVE-2022-21703)	1 Nov 202319:58	–	ibm
Tenable Nessus	AlmaLinux 8 : grafana (ALSA-2022:7519)	12 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : grafana (ALSA-2022:8057)	19 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 8 : grafana (CESA-2022:7519)	9 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 9 : grafana-9.0.9-1.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	MiracleLinux 8 : grafana-7.5.15-3.el8 (AXSA:2022-4363:06)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : grafana-7.5.15-3.el9 (AXSA:2023-4629:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 : grafana (ELSA-2022-7519)	15 Nov 202200:00	–	nessus

Vulners

Node

grafana grafanaRange8.0.0–8.3.5go

grafana grafanaRange3.0-beta1–7.5.15go

Source	Link
github	www.github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-21703
github	www.github.com/grafana/grafana/pull/45083
grafana	www.grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/
security	www.security.netapp.com/advisory/ntap-20220303-0005/
github	www.github.com/advisories/GHSA-cmf4-h3xc-jw8w

01 Feb 2024 00:16Current

7.2High risk

Vulners AI Score7.2

CVSS 26.8

CVSS 3.16.3 - 8.8

EPSS0.01869

SSVC