Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1C57F7BAA21015EDBBA149B751A345A4EC40B661D7A45108EF8A72BFED5BF3A3
HistoryNov 01, 2023 - 7:37 p.m.

Security Bulletin: IBM Storage Ceph is vulnerable to cross-site scripting due to Grafana (CVE-2022-31097)

2023-11-0119:37:45
www.ibm.com
7
ibm storage ceph
grafana
cross-site scripting
cve-2022-31097
upgrade

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

6 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

79.4%

JSON

Summary

Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-31097.

Vulnerability Details

CVEID:CVE-2022-31097
**DESCRIPTION:**Grafana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Unified Alerting feature. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Ceph 5.3z1-z4

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.
Upgrade to 6.1 and follow instructions.

Workarounds and Mitigations

None

Related

osv 2
freebsd 1
checkpoint_advisories 1
veracode 2
cve 1
openvas 6
prion 1
alpinelinux 1
redhatcve 1
nessus 8
suse 2
altlinux 1
redos 1
ibm 1
redhat 1
osv
osv
BIT-grafana-2022-31097
2024-03-06 10:56:47
CVE-2022-31097
2022-07-15 12:15:08
freebsd
freebsd
Grafana -- Stored XSS
2022-06-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Grafana Cross-Site Scripting (CVE-2022-31097)
2022-11-27 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-07-18 12:12:46
Stored Cross-Site Scripting (XSS)
2022-07-18 13:05:26
cve
cve
CVE-2022-31097
2022-07-15 12:15:00
openvas
openvas
Grafana XSS Vulnerability (GHSA-vw7q-p2qg-4m5f)
2022-07-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3751-1)
2022-10-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3747-1)
2022-10-27 00:00:00
prion
prion
Cross site scripting
2022-07-15 12:15:00
alpinelinux
alpinelinux
CVE-2022-31097
2022-07-15 12:15:00
redhatcve
redhatcve
CVE-2022-31097
2022-07-15 04:07:20
nessus
nessus
Grafana Labs Stored XSS (CVE-2022-31097)
2023-11-03 00:00:00
SUSE SLES15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:3751-1)
2022-10-27 00:00:00
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:3747-1)
2022-10-27 00:00:00
suse
suse
Security update for SUSE Manager Client Tools (moderate)
2022-10-26 00:00:00
Security update for grafana (important)
2022-10-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
2023-01-31 00:00:00
redos
redos
ROS-20240403-01
2024-04-03 00:00:00
ibm
ibm
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana
2023-11-17 16:01:52
redhat
redhat
(RHSA-2023:3642) Important: Red Hat Ceph Storage 6.1 Container security and bug fix update
2023-06-15 15:57:53

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

6 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

79.4%

JSON
Related for 1C57F7BAA21015EDBBA149B751A345A4EC40B661D7A45108EF8A72BFED5BF3A3
osv2freebsd1checkpoint_advisories1veracode2cve1openvas6prion1alpinelinux1redhatcve1nessus8suse2altlinux1redos1ibm1redhat1