FreeBSDE2A8E2BD-B808-11ED-B695-6C3BE5272ACDGrafana -- Stored XSS in geomap panel plugin via attribution
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
64.5%
Grafana Labs reports:
During an internal audit of Grafana on January 25, a member of the security
team found a stored XSS vulnerability affecting the core geomap plugin.
The stored XSS vulnerability was possible because map attributions weren’t
properly sanitized, allowing arbitrary JavaScript to be executed in the context
of the currently authorized user of the Grafana instance.
The CVSS score for this vulnerability is 7.3 High
(CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).
Related
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
64.5%