Lucene search
Veracode Vulnerability DatabaseVERACODE:35632HistoryMay 22, 2022 - 10:20 a.m.
Server-side Request Forgery (SSRF)
2022-05-2210:20:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
30
0.001 Low
EPSS
Percentile
49.8%
Grafana is vulnerable to server-side request forgery. The vulnerability allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects.
Related
alpinelinux
alpinelinux
CVE-2022-29170
2022-05-20 16:15:09
osv
osv
BIT-grafana-2022-29170
2024-03-06 10:56:56
CVE-2022-29170
2022-05-20 16:15:09
cvelist
cvelist
nvd
nvd
CVE-2022-29170
2022-05-20 16:15:09
prion
prion
Design/Logic Flaw
2022-05-20 16:15:00
cve
cve
CVE-2022-29170
2022-05-20 16:15:09
openvas
openvas
Grafana Datasource Network Restriction Bypass Vulnerability (GHSA-9rrr-6fq2-4f99)
2022-05-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4428-1)
2022-12-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package grafana version 8.5.20-alt1
2023-01-31 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : grafana (SUSE-SU-2022:4428-1)
2022-12-14 00:00:00
redos
redos
ROS-20240403-01
2024-04-03 00:00:00
