Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1C57F7BAA21015EDBBA149B751A345A4EC40B661D7A45108EF8A72BFED5BF3A3
HistoryNov 01, 2023 - 7:37 p.m.

Security Bulletin: IBM Storage Ceph is vulnerable to cross-site scripting due to Grafana (CVE-2022-31097)

2023-11-0119:37:45
www.ibm.com
14
ibm storage ceph
grafana
cross-site scripting
cve-2022-31097
upgrade

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

6

Confidence

High

EPSS

0.006

Percentile

77.6%

JSON

Summary

Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2022-31097.

Vulnerability Details

CVEID:CVE-2022-31097
**DESCRIPTION:**Grafana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Unified Alerting feature. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Ceph 5.3z1-z4

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.
Upgrade to 6.1 and follow instructions.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmstorage_cephMatch5.3
OR
ibmstorage_cephMatch1
OR
ibmstorage_cephMatch4
VendorProductVersionCPE
ibmstorage_ceph5.3cpe:2.3:a:ibm:storage_ceph:5.3:*:*:*:*:*:*:*
ibmstorage_ceph1cpe:2.3:a:ibm:storage_ceph:1:*:*:*:*:*:*:*
ibmstorage_ceph4cpe:2.3:a:ibm:storage_ceph:4:*:*:*:*:*:*:*

Related

osv 5
freebsd 1
checkpoint_advisories 1
veracode 2
prion 1
nvd 1
cve 1
cvelist 1
openvas 6
redhatcve 1
alpinelinux 1
nessus 8
github 1
suse 2
altlinux 1
redos 1
ibm 1
redhat 1
osv
osv
BIT-grafana-2022-31097
2024-03-06 10:56:47
Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
2024-06-05 15:10:42
CVE-2022-31097
2022-07-15 12:15:08
freebsd
freebsd
Grafana -- Stored XSS
2022-06-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Grafana Cross-Site Scripting (CVE-2022-31097)
2022-11-27 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-07-18 12:12:46
Stored Cross-Site Scripting (XSS)
2022-07-18 13:05:26
prion
prion
Cross site scripting
2022-07-15 12:15:00
nvd
nvd
CVE-2022-31097
2022-07-15 12:15:08
cve
cve
CVE-2022-31097
2022-07-15 12:15:08
cvelist
cvelist
CVE-2022-31097 Stored XSS in Grafana's Unified Alerting
2022-07-15 12:10:10
openvas
openvas
Grafana XSS Vulnerability (GHSA-vw7q-p2qg-4m5f)
2022-07-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3751-1)
2022-10-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3747-1)
2022-10-27 00:00:00
redhatcve
redhatcve
CVE-2022-31097
2022-07-15 04:07:20
alpinelinux
alpinelinux
CVE-2022-31097
2022-07-15 12:15:08
nessus
nessus
Grafana Labs Stored XSS (CVE-2022-31097)
2023-11-03 00:00:00
SUSE SLES15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:3751-1)
2022-10-27 00:00:00
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:3747-1)
2022-10-27 00:00:00
github
github
Grafana Stored Cross-site Scripting in Unified Alerting
2024-05-14 22:15:41
suse
suse
Security update for SUSE Manager Client Tools (moderate)
2022-10-26 00:00:00
Security update for grafana (important)
2022-10-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
2023-01-31 00:00:00
redos
redos
ROS-20240403-01
2024-04-03 00:00:00
ibm
ibm
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data is affected by multiple vulnerabilities in Grafana
2023-11-17 16:01:52
redhat
redhat
(RHSA-2023:3642) Important: Red Hat Ceph Storage 6.1 Container security and bug fix update
2023-06-15 15:57:53

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

6

Confidence

High

EPSS

0.006

Percentile

77.6%

JSON
Related for 1C57F7BAA21015EDBBA149B751A345A4EC40B661D7A45108EF8A72BFED5BF3A3
osv5freebsd1checkpoint_advisories1veracode2prion1nvd1cve1cvelist1openvas6redhatcve1alpinelinux1nessus8github1suse2altlinux1redos1ibm1redhat1