FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- Spoofing originalUrl of snapshots

Affected packages
8.0.0 <= grafana < 8.5.16
9.0.0 <= grafana < 9.2.10
9.3.0 <= grafana < 9.3.4
8.0.0 <= grafana8 < 8.5.16
9.0.0 <= grafana9 < 9.2.10
9.3.0 <= grafana9 < 9.3.4


VuXML ID e6281d88-a7a7-11ed-8d6a-6c3be5272acd
Discovery 2023-01-25
Entry 2023-02-09

Grafana Labs reports:

A third-party penetration test of Grafana found a vulnerability in the snapshot functionality. The value of the originalUrl parameter is automatically generated. The purpose of the presented originalUrl parameter is to provide a user who views the snapshot with the possibility to click on the Local Snapshot button in the Grafana web UI and be presented with the dashboard that the snapshot captured. The value of the originalUrl parameter can be arbitrarily chosen by a malicious user that creates the snapshot. (Note: This can be done by editing the query thanks to a web proxy like Burp.)

We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).


CVE Name CVE-2022-39324