Kubernetes: monitoring.prow-canary.k8s.io is vulnerable to CVE-2022-21703 (Grafana 0-day)

🗓️ 01 Feb 2022 12:17:30Reported by jub0bsType

hackerone

hackerone🔗 hackerone.com👁 20 Views

Kubernetes: monitoring.prow-canary.k8s.io Grafana CVE-2022-21703 vulnerabilit

Reporter	Title	Published	Views	Family All 108
ALT Linux	Security fix for the ALT Linux 10 package grafana version 8.5.0-alt1	5 May 202200:00	–	altlinux
IBM Security Bulletins	Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana	26 Mar 202502:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Cross-Site Request Forgery in Grafana (CVE-2022-21703)	1 Nov 202319:58	–	ibm
Tenable Nessus	AlmaLinux 8 : grafana (ALSA-2022:7519)	12 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : grafana (ALSA-2022:8057)	19 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 8 : grafana (CESA-2022:7519)	9 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 9 : grafana-9.0.9-1.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	MiracleLinux 8 : grafana-7.5.15-3.el8 (AXSA:2022-4363:06)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : grafana-7.5.15-3.el9 (AXSA:2023-4629:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 : grafana (ELSA-2022-7519)	15 Nov 202200:00	–	nessus

25 Jun 2024 12:25Current

8.7High risk

Vulners AI Score8.7

CVSS 3.16.3 - 8.8

CVSS 26.8

EPSS0.01869

kubernetes monitoring prow-canary grafana cve-2022-21703 xss subdomain takeover cross-origin attack privileges poc update mitigation