
16 matches found

OSV
added 2024/05/14 10:15 p.m., 27 views

GHSA-VW7Q-P2QG-4M5F Grafana Stored Cross-site Scripting in Unified Alerting

Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for a stored Cross Site Scripting in Grafana. Release v.9.0.3, containing this security fix and other patches: - Download Grafana 9.0.3 - Release notes Release v.8.5.9,...

7.3 CVSS, 7.6 AI score, 0.68051 EPSS
Exploits 0, References 7

Tenable Nessus
added 2023/11/03 12:0 a.m., 121 views

Grafana Labs Stored XSS (CVE-2022-31097)

According to its self-reported version number, the version of Grafana Labs running on the remote host is affected by a stored cross-site scripting vulnerability: - XSS vulnerability in the Unified Alerting feature of Grafana. After analysis, this stored XSS could be used to elevate privileges fro...

8.7 CVSS, 7.6 AI score, 0.68051 EPSS
Exploits 0, References 3

IBM Security Bulletins
added 2023/11/01 7:37 p.m., 39 views

Security Bulletin: IBM Storage Ceph is vulnerable to cross-site scripting due to Grafana (CVE-2022-31097)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-31097. Vulnerability Details CVEID: CVE-2022-31097 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Unified...

8.7 CVSS, 6 AI score, 0.68051 EPSS
Exploits 0, Affected Software 1

OpenVAS
added 2023/06/22 12:0 a.m., 29 views

SUSE: Security Advisory (SUSE-SU-2023:2578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.5 AI score, 0.68051 EPSS
Exploits 9, References 19

OSV
added 2023/06/21 11:49 a.m., 9 views

SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...

9.8 CVSS, 7.8 AI score, 0.68051 EPSS
Exploits 9, References 32

RedHat Linux
added 2023/06/15 3:59 p.m., 65 views

Important: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 Container security and bug fix update

A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

9.8 CVSS, 7 AI score, 0.68051 EPSS
Exploits 13, References 40

ALT Linux
added 2023/01/31 12:0 a.m., 51 views

Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1

8.5.20-alt1 built Jan. 31, 2023 Alexey Shabalin in task 314152 Jan. 25, 2023 Alexey Shabalin - 8.5.20 - Fixes: + CVE-2022-39307 + CVE-2022-39306 + CVE-2022-39229 + CVE-2022-39201 + CVE-2022-36062 + CVE-2022-35957 + CVE-2022-31130 + CVE-2022-31123 + CVE-2022-31107 + CVE-2022-31097 + CVE-2022-29170...

4.9 CVSS, 6.5 AI score, 0.68051 EPSS
Exploits 0

OpenVAS
added 2022/12/14 12:0 a.m., 26 views

SUSE: Security Advisory (SUSE-SU-2022:4428-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.4 AI score, 0.88849 EPSS
Exploits 45, References 4

Check Point Advisories
added 2022/11/27 12:0 a.m., 14 views

Grafana Cross-Site Scripting (CVE-2022-31097)

A cross-site scripting vulnerability exists in Grafana. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

4.9 AI score, 0.68051 EPSS
Exploits 0

OpenVAS
added 2022/10/27 12:0 a.m., 28 views

SUSE: Security Advisory (SUSE-SU-2022:3751-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS, 8.6 AI score, 0.68051 EPSS
Exploits 0, References 6

OpenVAS
added 2022/10/27 12:0 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2022:3747-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS, 8.9 AI score, 0.68051 EPSS
Exploits 0, References 8

OpenVAS
added 2022/07/18 12:0 a.m., 42 views

Grafana XSS Vulnerability (GHSA-vw7q-p2qg-4m5f)

Grafana is prone to a cross-site scripting XSS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

8.7 CVSS, 8 AI score, 0.68051 EPSS
Exploits 0, References 1

Circl
added 2022/07/15 4:35 p.m., 4 views

CVE-2022-31097

creationtimestamp | type | source
---|---|---
2022-07-15 16:35:18+00:00 | seen | https://t.me/cibsecurity/46300...

8.7 CVSS, 8.2 AI score, 0.68051 EPSS
Exploits 0, References 1

UbuntuCve
added 2022/07/15 12:15 p.m., 6 views

CVE-2022-31097

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...

8.7 CVSS, 7.1 AI score, 0.68051 EPSS
Exploits 0, References 1

CVE
added 2022/07/15 12:10 p.m., 213 views

CVE-2022-31097

Grafana versions 8.x and 9.x prior to patches (9.0.3, 8.5.9, 8.4.10, 8.3.10) are vulnerable to a stored XSS via Unified Alerting that can escalate an authenticated editor to admin by fooling an admin into clicking a link. Patched releases are 9.0.3, 8.5.9, 8.4.10, and 8.3.10. Workarounds include ...

8.7 CVSS, 7.5 AI score, 0.68051 EPSS
Exploits 0, References 5, Affected Software 1

Vulnrichment
added 2022/07/15 12:10 p.m., 5 views

CVE-2022-31097 Stored XSS in Grafana's Unified Alerting

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...

7.3 CVSS, 8.2 AI score, 0.68051 EPSS
Exploits 0, References 5