Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6243-1
HistoryJul 25, 2023 - 12:00 a.m.

Graphite-Web vulnerabilities

2023-07-2500:00:00
ubuntu.com
18

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • graphite-web - A highly scalable real-time graphing system

Details

It was discovered that Graphite-Web incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
server-side request forgery and obtain sensitive information. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638)

It was discovered that Graphite-Web incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
cross site scripting and obtain sensitive information. (CVE-2022-4728,
CVE-2022-4729, CVE-2022-4730)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchgraphite-web< 1.1.8-1ubuntu0.22.04.1UNKNOWN
Ubuntu20.04noarchgraphite-web< 1.1.4-5ubuntu0.1UNKNOWN
Ubuntu18.04noarchgraphite-web< 1.0.2+debian-2ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchgraphite-web< 1.0.2+debian-2UNKNOWN
Ubuntu16.04noarchgraphite-web< 0.9.15+debian-1ubuntu0.1~esm1UNKNOWN
Ubuntu16.04noarchgraphite-web< 0.9.15+debian-1UNKNOWN
Ubuntu14.04noarchgraphite-web< 0.9.12+debian-3ubuntu0.1~esm2UNKNOWN
Ubuntu14.04noarchgraphite-web< 0.9.12+debian-3UNKNOWN

Related

nessus 3
osv 13
ubuntu 1
openvas 4
debian 2
ubuntucve 4
github 4
veracode 4
cve 4
nuclei 1
debiancve 4
prion 4
redhatcve 4
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Graphite-Web vulnerabilities (USN-6243-1)
2023-07-25 00:00:00
Debian DLA-3309-1 : graphite-web - LTS security update
2023-02-07 00:00:00
Debian DLA-1962-1 : graphite-web security update
2019-10-22 00:00:00
osv
osv
graphite-web regression
2023-08-09 14:16:34
graphite-web vulnerabilities
2023-07-25 08:34:41
graphite-web - security update
2023-02-06 00:00:00
ubuntu
ubuntu
Graphite-Web regression
2023-08-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6243-1)
2023-07-26 00:00:00
Ubuntu: Security Advisory (USN-6243-2)
2023-08-10 00:00:00
Debian: Security Advisory (DLA-3309-1)
2023-02-08 00:00:00
debian
debian
[SECURITY] [DLA 3309-1] graphite-web security update
2023-02-07 02:00:57
[SECURITY] [DLA 1962-1] graphite-web security update
2019-10-21 14:15:48
ubuntucve
ubuntucve
CVE-2017-18638
2019-10-11 00:00:00
CVE-2022-4728
2022-12-27 00:00:00
CVE-2022-4729
2022-12-27 00:00:00
github
github
graphite.composer.views.send_email vulnerable to SSRF
2019-10-25 13:55:20
Graphite Web Cross-site Scripting vulnerability
2022-12-27 15:30:19
Graphite Web Cross-site Scripting vulnerability
2022-12-27 15:30:19
veracode
veracode
Server-Side Request Forgery (SSRF)
2019-10-18 02:46:30
Cross-site Scripting (XSS)
2023-01-05 03:29:33
Cross-site Scripting (XSS)
2023-01-05 06:28:22
cve
cve
CVE-2017-18638
2019-10-11 23:15:00
CVE-2022-4729
2022-12-27 15:15:00
CVE-2022-4728
2022-12-27 15:15:00
nuclei
nuclei
Graphite <=1.1.5 - Server-Side Request Forgery
2021-09-03 08:22:53
debiancve
debiancve
CVE-2017-18638
2019-10-11 23:15:00
CVE-2022-4728
2022-12-27 15:15:00
CVE-2022-4729
2022-12-27 15:15:00
prion
prion
Server side request forgery (ssrf)
2019-10-11 23:15:00
Cross site scripting
2022-12-27 15:15:00
Cross site scripting
2022-12-27 15:15:00
redhatcve
redhatcve
CVE-2017-18638
2021-09-07 10:58:33
CVE-2022-4730
2023-01-12 05:35:18
CVE-2022-4728
2023-01-12 05:35:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON
Related for USN-6243-1
nessus3osv13ubuntu1openvas4debian2ubuntucve4github4veracode4cve4nuclei1debiancve4prion4redhatcve4