CVSS3 base score: 6.7 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS: 0.001 (Low), percentile 51.0%
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, using a web proxy. When another user opens the URL of the snapshot, they are presented with the regular web interface delivered by the trusted Grafana server, but the "Open original dashboard" button no longer points to the real original dashboard; it points to the attacker's injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
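As an added illustration (not Grafana's own code and not the fix in the linked commits), the kind of server-side check that keeps an attacker-chosen originalUrl out of the "Open original dashboard" link: only a root-relative path or an absolute URL on the trusted server's own origin is accepted. The root URL, the function name and the sample inputs are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeOriginalURL reports whether a snapshot's originalUrl may be stored and
// later rendered as a link. Accepted: a root-relative path ("/d/...") or an
// absolute URL whose scheme and host equal the configured Grafana root URL.
// Rejected: other hosts, protocol-relative "//host" forms, userinfo tricks
// ("https://trusted@evil/"), non-http schemes such as javascript:, and empty
// values. Illustrative check, not the project's implementation.
func safeOriginalURL(rootURL, original string) (bool, error) {
	root, err := url.Parse(rootURL)
	if err != nil || root.Scheme == "" || root.Host == "" {
		return false, fmt.Errorf("invalid root url %q", rootURL)
	}
	u, err := url.Parse(strings.TrimSpace(original))
	if err != nil {
		return false, err
	}
	// Relative reference: must be a single-slash root-relative path.
	if u.Scheme == "" && u.Host == "" {
		return strings.HasPrefix(u.Path, "/") && !strings.HasPrefix(u.Path, "//"), nil
	}
	// Absolute (or protocol-relative) reference: same origin only.
	return u.Scheme == root.Scheme && strings.EqualFold(u.Host, root.Host), nil
}

func main() {
	root := "https://grafana.example.com" // constructed sample root URL
	for _, in := range []string{
		"/d/abc/my-dash?orgId=1",
		"https://grafana.example.com/d/abc",
		"https://attacker.example/phish",
		"//attacker.example/phish",
		"https://grafana.example.com@attacker.example/",
		"javascript:alert(1)",
	} {
		ok, err := safeOriginalURL(root, in)
		fmt.Printf("%-48q accepted=%v err=%v\n", in, ok, err)
	}
}
```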
Author | Note |
---|---|
alexmurray | A quick look at the code and it appears that grafana in xenial may be affected by this - but needs a closer look |
github.com/grafana/grafana/commit/239888f22983010576bb3a9135a7294e88c0c74a
github.com/grafana/grafana/commit/d7dcea71ea763780dc286792a0afd560bff2985c
github.com/grafana/grafana/pull/60232
github.com/grafana/grafana/pull/60256
github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw
launchpad.net/bugs/cve/CVE-2022-39324
nvd.nist.gov/vuln/detail/CVE-2022-39324
security-tracker.debian.org/tracker/CVE-2022-39324
www.cve.org/CVERecord?id=CVE-2022-39324