10 matches found
CLSA-2026-1779532464 grafana: Fix of CVE-2022-39324
CVE-2022-39324: build snapshot originalUrl on the backend with a UID check and warn through a confirm modal before navigating to a cross-origin snapshot URL...
Linux Distros Unpatched Vulnerability : CVE-2022-39324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily...
Security Bulletin: IBM Storage Ceph is vulnerable to Cross Site Scripting in Grafana (CVE-2022-39324)
Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-39324 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2022-39324 DESCRIPTION: Grafana could allow a remote...
Moderate: Red Hat Security Advisory: grafana security and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
SUSE: Security Advisory (SUSE-SU-2023:0812-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:0812-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0812-1 advisory. dracut-saltboot: - Update to verion 0.1.1674034019.a93ff61 Install copied wicked config as...
FreeBSD : Grafana -- Spoofing originalUrl of snapshots (e6281d88-a7a7-11ed-8d6a-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e6281d88-a7a7-11ed-8d6a-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and...
CVE-2022-39324
A flaw was found in the grafana package. While creating a snapshot, an attacker may manipulate a hidden HTTP parameter to inject a malicious URL in the "Open original dashboard" button...
CVE-2022-39324 vulnerabilities
Vulnerabilities for packages: grafana-fips...
CVE-2022-39324
Grafana prior to versions 8.5.16 and 9.2.8 is affected by CVE-2022-39324, where a malicious user can craft a snapshot URL to mislead other users via an attacker-injected originalUrl. The vulnerability arises from a web proxy-related query editing, causing the Open original dashboard button to poi...