CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |

Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

Percentile | 45.4% |
---|---|
Grafana is vulnerable to stored XSS. The vulnerability is due to the SVG image output displayed in the browser not being sanitized, which allows arbitrary JavaScript to be executed in the context of the currently authorized user. An attacker with the Editor role can achieve vertical privilege escalation by uploading an SVG file (referenced by an external URL or embedded inline via the data: scheme) containing malicious JavaScript, which is executed when a user with the Admin role views the dashboard. This can allow an attacker with the Editor role to change the admin password to a value known to the attacker.
Vendor | Product | Version | CPE |
---|---|---|---|
grafana | grafana-image-renderer | * | cpe:2.3:a:grafana:grafana-image-renderer:*:*:*:*:*:grafana:*:* |
References

github.com/grafana/grafana/commit/1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0
github.com/grafana/grafana/commit/1c8a50b36973bd59a1cc5f34c30de8a9a6a431f0#diff-84a9e775307592c0c54d5075bcd9a5a24a6146ce5b8532a7ded7ee4e1a079202
github.com/grafana/grafana/commit/8b574e22b53aa4c5a35032a58844fd4aaaa12f5f
github.com/grafana/grafana/commit/c022534e3848a5d45c0b3face23b43aa44e4400a
github.com/grafana/grafana/commit/c022534e3848a5d45c0b3face23b43aa44e4400a#diff-84a9e775307592c0c54d5075bcd9a5a24a6146ce5b8532a7ded7ee4e1a079202
github.com/grafana/grafana/pull/62143
github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv
grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/