5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
40.0%
A vulnerability was found in Graphite Web. It has been classified as
problematic. Affected is an unknown function of the component Absolute Time
Range Handler. The manipulation leads to cross site scripting. It is
possible to launch the attack remotely. The exploit has been disclosed to
the public and may be used. The name of the patch is
2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a
patch to fix this issue. The identifier of this vulnerability is
VDB-216744.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | graphite-web | < 1.0.2+debian-2ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | graphite-web | < 1.1.4-5ubuntu0.1 | UNKNOWN |
ubuntu | 22.04 | noarch | graphite-web | < 1.1.8-1ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 23.10 | noarch | graphite-web | < any | UNKNOWN |
ubuntu | 24.04 | noarch | graphite-web | < any | UNKNOWN |
ubuntu | 14.04 | noarch | graphite-web | < 0.9.12+debian-3ubuntu0.1~esm2 | UNKNOWN |
ubuntu | 16.04 | noarch | graphite-web | < 0.9.15+debian-1ubuntu0.1~esm1 | UNKNOWN |
github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23
github.com/graphite-project/graphite-web/issues/2746
github.com/graphite-project/graphite-web/pull/2785
launchpad.net/bugs/cve/CVE-2022-4730
nvd.nist.gov/vuln/detail/CVE-2022-4730
security-tracker.debian.org/tracker/CVE-2022-4730
ubuntu.com/security/notices/USN-6243-1
www.cve.org/CVERecord?id=CVE-2022-4730