Lucene search
K

16 matches found

Github Security Blog
Github Security Blog
added 2024/02/01 12:16 a.m.29 views

Grafana Cross Site Request Forgery (CSRF)

Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for Cross Site Request Forgery for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: -...

8.8CVSS7.2AI score0.02236EPSS
Exploits0References9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:58 p.m.35 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-Site Request Forgery in Grafana (CVE-2022-21703)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-21703 Vulnerability Details CVEID: CVE-2022-21703 DESCRIPTION: Grafana is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By...

8.8CVSS5.5AI score0.02236EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/15 10:31 a.m.40 views

Important: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.8CVSS6.9AI score0.05994EPSS
Exploits5References19
OSV
OSV
added 2022/11/15 12:0 a.m.33 views

ALSA-2022:8057 Important: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 7.5.15. BZ2055349 Security Fixes: sanitize-url: XSS due to improper sanitization in sanitizeUrl function...

8.8CVSS9.5AI score0.05994EPSS
Exploits5References32
Tenable Nessus
Tenable Nessus
added 2022/11/09 12:0 a.m.46 views

CentOS 8 : grafana (CESA-2022:7519)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:7519 advisory. - sanitize-url: XSS due to improper sanitization in sanitizeUrl function CVE-2021-23648 - golang: net/http: improper sanitization of Transfer-Encoding...

8.8CVSS7.2AI score0.05994EPSS
Exploits5References16
RedHat Linux
RedHat Linux
added 2022/11/08 9:34 a.m.32 views

Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS6.9AI score0.05994EPSS
Exploits5References18
OpenVAS
OpenVAS
added 2022/06/21 12:0 a.m.35 views

SUSE: Security Advisory (SUSE-SU-2022:2134-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.3AI score0.99888EPSS
Exploits47References18
OpenVAS
OpenVAS
added 2022/05/17 12:0 a.m.35 views

openSUSE: Security Advisory for SUSE (SUSE-SU-2022:1396-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8AI score0.99888EPSS
Exploits47References4
ALT Linux
ALT Linux
added 2022/05/05 12:0 a.m.93 views

Security fix for the ALT Linux 10 package grafana version 8.5.0-alt1

8.5.0-alt1 built May 5, 2022 Alexey Shabalin in task 299382 April 26, 2022 Alexey Shabalin - 8.5.0 - Use pre-builded frontend - Fixes: + CVE-2022-24812 + CVE-2022-21702 + CVE-2022-21703 + CVE-2022-21713 + CVE-2021-43813 + CVE-2021-43815 + CVE-2021-41244 + CVE-2021-41174...

6.8CVSS6.4AI score0.84607EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.36 views

Fedora: Security Advisory for grafana (FEDORA-2022-83405f9d5b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.9AI score0.05994EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.27 views

Fedora: Security Advisory for grafana (FEDORA-2022-9dd03cab55)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.9AI score0.05994EPSS
Exploits2References2
NVD
NVD
added 2022/02/08 9:15 p.m.17 views

CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example,...

8.8CVSS0.02236EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/02/08 9:15 p.m.25 views

CVE-2022-21703

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example,...

8.8CVSS6.7AI score0.02236EPSS
Exploits0References1
CVE
CVE
added 2022/02/08 8:40 p.m.1175 views

CVE-2022-21703

CVE-2022-21703 is a Grafana Cross-Site Request Forgery (CSRF) vulnerability that can enable privilege escalation by tricking an authenticated high-privilege user into inviting the attacker as a new user with high privileges. Affected software is Grafana (versions from >= 3.0-beta1; as per advi...

8.8CVSS7.3AI score0.02236EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/08 8:40 p.m.4 views

CVE-2022-21703 Cross Site Request Forgery in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example,...

6.3CVSS7AI score0.02236EPSS
Exploits0References7
Hacker One
Hacker One
added 2022/02/01 12:17 p.m.22 views

Kubernetes: monitoring.prow-canary.k8s.io is vulnerable to CVE-2022-21703 (Grafana 0-day)

The monitoring.prow-canary.k8s.io site was found to be running a vulnerable version of Grafana affected by CVE-2022-21703. This vulnerability could have been exploited by an attacker to escalate their privileges on the Grafana instance through a cross-origin request forgery attack. The issue was...

8.8CVSS8.7AI score0.02236EPSS
Exploits0
Rows per page
Query Builder