GHSA-22C6-3H88-26M3 Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. This issue was fixed in version 4.4.2...

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. This issue was fixed in version 4.4.2...

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. This issue was fixed in version 4.4.2...

Grafana Datasource Network Restriction Bypass Vulnerability (GHSA-9rrr-6fq2-4f99)

Grafana is prone to a datasource network restriction bypass vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Server-side Request Forgery (SSRF)

Grafana is vulnerable to server-side request forgery. The vulnerability allows someone to bypass these security configurations if a malicious datasource running on an allowed host returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request...

CVE-2022-29170 Grafana Enterprise datasource network restrictions bypass via HTTP redirects

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...

CVE-2022-29170

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...

User confusion in IronJacamar

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

GHSA-PPG2-WW3W-HQ84 User confusion in IronJacamar

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

Cross site scripting

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

CVE-2022-21702 Cross site scripting in Grafana proxy

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

CVE-2022-21702 Cross site scripting in Grafana proxy

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

Grafana proxy XSS

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting XSS attack. The...

Remote Code Execution (RCE)

org.apache.kylin:kylin-datasource-sdk is vulnerable to remote code execution. A remote attacker is able to inject and execute malicious code from a hacker-controlled malicious MySQL server within Kylin server processes because the library allows users to read data from other database systems usin...

UBUNTU-CVE-2021-43815

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

GHSA-R695-7VR9-JGC2 Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

GHSA-H3CW-G4MQ-C5X2 Code Injection in jackson-databind

This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2021-37137 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...

grafana security, bug fix, and enhancement update

7.3.6-2 - change working dir to in grafana-cli wrapper fixes Red Hat BZ 1916083 - add pcp-redis-datasource to allowloadingunsignedplugins config option 7.3.6-1 - update to 7.3.6 tagged upstream community sources, see CHANGELOG - remove dependency on SAML not supported in the open source version o...

grafana: XSS via a query alias for the Elasticsearch and Testdata datasource

A flaw was found in grafana. A XSS via a query alias for the ElasticSearch datasource is allowed...