2 matches found
Grafana Enterprise Datasource Network Restrictions Bypass (CVE-2023-4399)
According to its self-reported version number, the version of Grafana Enterprise running on the remote host is a version 9.4.x prior to 9.4.17, 9.5.x prior to 9.5.13, 10.0.x prior to 10.0.9 or 10.1.x prior to 10.1.5. It is, therefore, affected by a restriction bypass vulnerability. In Grafana...
CVE-2023-4399
CVE-2023-4399 concerns a denial-of-service restriction-bypass in Grafana Enterprise’s Request security feature. The issue arises because the deny-list can be bypassed using punycode encoding of characters in the request address, enabling crafted requests to reach hosts that should be blocked. The...