FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Stored XSS

Affected packages
8.3.0 <= grafana < 8.3.10
8.4.0 <= grafana < 8.4.10
8.5.0 <= grafana < 8.5.9
9.0.0 <= grafana < 9.0.3
9.1.0 <= grafana < 9.2.7
8.3.0 <= grafana8 < 8.3.10
8.4.0 <= grafana8 < 8.4.10
8.5.0 <= grafana8 < 8.5.9
grafana9 < 9.0.3
9.1.0 <= grafana9 < 9.2.7

Details

VuXML ID 0c367e98-0415-11ed-a53b-6c3be5272acd
Discovery 2022-06-19
Entry 2022-07-15

Grafana Labs reports:

An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. (Note: Grafana Alerting is activated by default in Grafana 9.0.)

References

CVE Name CVE-2022-31097
URL https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f