Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:41736
HistoryJul 26, 2023 - 11:27 a.m.

Stored XSS

2023-07-2611:27:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
171
grafana
stored xss
vulnerability
javascript
privilege escalation
svg
admin role

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

45.4%

Grafana is vulnerable to Stored XSS. The vulnerability is due to not sanitizing the SVG image output displayed on the browser leading to arbitrary JavaScript to be executed in the context of the currently authorized user. The attacker with an editor role can achieve vertical privilege escalation by uploading a SVG file (using external URL or using data: scheme as an inline SVG) containing malicious JavaScript which can be executed by a user with Admin role while viewing a dashboard. This can allow attacker with an editor role to change to a known admin password.

Affected configurations

Vulners
Node
grafanagrafana-image-rendererRangev9.3.2grafana
VendorProductVersionCPE
grafanagrafana-image-renderer*cpe:2.3:a:grafana:grafana-image-renderer:*:*:*:*:*:grafana:*:*

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

45.4%