[FREEBSD:0C367E98-0415-11ED-A53B-6C3BE5272ACD] Grafana -- Stored XSS

Severity High

Affected Packages 3

CVEs 1

Grafana Labs reports:

  An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. (Note: Grafana Alerting is activated by default in Grafana 9.0.)

Package	Affected Version
pkg:freebsd/grafana9	< 9.0.3
pkg:freebsd/grafana8	< 8.3.10
pkg:freebsd/grafana	< 8.3.10

ID

FREEBSD:0C367E98-0415-11ED-A53B-6C3BE5272ACD

Severity

high

Severity from

CVE-2022-31097

URL

http://vuxml.freebsd.org/freebsd/0c367e98-0415-11ed-a53b-6c3be5272acd.html

Published

2022-06-19T00:00:00
(2 years ago)

Modified

2022-07-15T00:00:00
(2 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/grafana9	grafana9	< 9.0.3
Affected	pkg:freebsd/grafana8	grafana8	< 8.3.10
Affected	pkg:freebsd/grafana	grafana	< 8.3.10

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date